Enable IPv6 on docker

Docker IPv6 support

IPv6 was never a design goal of Docker. But enabling (outgoing) IPv6 support on Docker guests is not as hard as it seems.

Our non-public infrastructure is (mostly) IPv6 only. Therefore, we need outgoing* IPv6 support on our Docker based Gitlab runners. Complete IPv6 support is out of scope of this snippet – a more complete answer may be found on Docker IPV6 Guide.

Simply follow these steps:

Enable IPv6

Edit /etc/docker/daemon.json on the Docker host

  "ipv6": true,
  "fixed-cidr-v6": "fd00::/80"

and restart the daemon, e.g.

sudo service docker restart

Enable outgoing traffic using NAT

sudo ip6tables -t nat -A POSTROUTING -s fd00::/80 ! -o docker0 -j MASQUERADE

Test outgoing traffic from a Docker guest

docker run --rm -t busybox ping6 ipv6.google.com

Make changes permanent

This obviously depends on your distribution. For Debian/Ubuntu based distributions, we edit /etc/systemd/system/multi-user.target.wants/docker.service:

ExecStartPre=ip6tables -t nat -A POSTROUTING -s fd00::/80 ! -o docker0 -j MASQUERADE

For this to test, you need to reboot your system.

* IP always needs to work in both directions. "Outgoing" means our Docker guests contact IPv6 only servers, but are not accessible via IPv6.

docker gitlab