2019-11-20 21:13:49 +01:00
|
|
|
title: How to run world reachable docker containers on your notebook
|
|
|
|
|
---
|
|
|
|
|
pub_date: 2019-11-20
|
|
|
|
|
---
|
|
|
|
|
author: Nico Schottelius
|
|
|
|
|
---
|
|
|
|
|
twitter_handle: NicoSchottelius
|
|
|
|
|
---
|
|
|
|
|
_hidden: no
|
|
|
|
|
---
|
|
|
|
|
_discoverable: yes
|
|
|
|
|
---
|
|
|
|
|
abstract:
|
|
|
|
|
With IPv6, you can do so many things faster than before
|
|
|
|
|
---
|
|
|
|
|
body:
|
|
|
|
|
|
|
|
|
|
Today [Alain](https://github.com/munen/)
|
|
|
|
|
from [200ok](https://200ok.ch/) and me were hacking in the
|
|
|
|
|
[Hacking Hotel Diesbach](https://hack.digitalglarus.ch/) and found an
|
|
|
|
|
interesting problem: the docker containers on Alain's notebook did not
|
|
|
|
|
reach the Internet.
|
|
|
|
|
|
|
|
|
|
## IPv6 only networks
|
|
|
|
|
|
|
|
|
|
It turns out that here in the Hacking Hotel, we are in an IPv6 only
|
|
|
|
|
network and docker by default assigns IPv4 addresses to
|
|
|
|
|
containers. This obviously does not work, because there is no IPv4
|
|
|
|
|
connectivity in an IPv6 only network...
|
|
|
|
|
|
|
|
|
|
## Turning the problem into a feature
|
|
|
|
|
|
|
|
|
|
...being in the Hacking Hotel means being inside the
|
|
|
|
|
*2a0a:e5c0:10::/48* network. The nice thing about IPv6 is that you
|
|
|
|
|
have a lot of space. With the /48 network, we have around 65'536 /64
|
|
|
|
|
sub networks. But enough from the IPv6 love...
|
|
|
|
|
|
|
|
|
|
... what this means is that we can just route a /64 network to Alain's
|
|
|
|
|
notebook and reconfigure his docker daemon to use IPv6 instead of
|
|
|
|
|
IPv4. Simply creating the **/etc/docker/daemon.json** with the
|
|
|
|
|
following content is enough:
|
|
|
|
|
|
|
|
|
|
```json
|
|
|
|
|
{
|
|
|
|
|
"ipv6": true,
|
|
|
|
|
"fixed-cidr-v6": "2a0a:e5c0:10:f00::/64"
|
|
|
|
|
}
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
This is great, as long as we work in the Hacking Hotel...
|
|
|
|
|
|
|
|
|
|
## And turning it into a demo ready state
|
|
|
|
|
|
|
|
|
|
The problem with our solution above is that the network is only routed
|
|
|
|
|
to his notebook, when he is in the Hacking Hotel and it will not work
|
|
|
|
|
outside.
|
|
|
|
|
|
2019-11-20 21:21:33 +01:00
|
|
|
Alain also has a VPN from [IPv6VPN.ch](https://IPv6VPN.ch) that
|
2019-11-20 21:13:49 +01:00
|
|
|
gives him a static /48 network to his notebook. Now we selected a
|
|
|
|
|
/64 subnet and what does it give?
|
|
|
|
|
|
|
|
|
|
**World wide reachable docker containers** on a notebook!
|
|
|
|
|
|
|
|
|
|
Isn't that sweet? Given the right firewall settings, the containers
|
|
|
|
|
can now be reached from anywhere in the world. From a notebook, which
|
|
|
|
|
can be anywhere else in the world.
|
|
|
|
|
|
|
|
|
|
## More of this
|
|
|
|
|
|
|
|
|
|
If you like hacking with IPv6, or to reproduce the docker setup above,
|
|
|
|
|
you are invited to join the [IPv6 Chat](https://IPv6.chat)
|
|
|
|
|
or to get yourself a 50% off deal on the [Black IPv6
|
|
|
|
|
Friday](https://swiss-crowdfunder.com/campaigns/black-ipv6-friday?locale=en)
|
|
|
|
|
campaign.
|
