Add IPv6 support #92

@ghostiam ghostiam commented Mar 19, 2023

#8

For tests:

Enable IPv6 support in Docker by specifying a ULA range (RFC 4193) in /etc/docker/daemon.json

{
  "experimental": true,
  "ipv6": true,
  "ip6tables": true,
  "fixed-cidr-v6": "fd00:dead:beef::/48"
}

Restart Docker

systemctl restart docker

Reinstall script:

sudo wget -O /usr/local/bin/ufw-docker \
  https://github.com/ghostiam/ufw-docker/raw/v6nat/ufw-docker
sudo chmod +x /usr/local/bin/ufw-docker
ufw-docker install
Output:
--- /etc/ufw/after6.rules	2023-03-19 21:43:32.713888837 +0000
+++ /tmp/tmp.CPfwzQubwd	2023-03-19 21:43:35.341910743 +0000
@@ -25,3 +25,24 @@

 # don't delete the 'COMMIT' line or these rules won't be processed
 COMMIT
+# BEGIN UFW AND DOCKER
+*filter
+:ufw6-user-forward - [0:0]
+:ufw6-docker-logging-deny - [0:0]
+:DOCKER-USER - [0:0]
+-A DOCKER-USER -j ufw6-user-forward
+
+-A DOCKER-USER -j RETURN -s fd00:dead:beef::/48
+
+-A DOCKER-USER -p udp -m udp --sport 53 --dport 1024:65535 -j RETURN
+
+-A DOCKER-USER -j ufw6-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d fd00:dead:beef::/48
+-A DOCKER-USER -j ufw6-docker-logging-deny -p udp -m udp --dport 0:32767 -d fd00:dead:beef::/48
+
+-A DOCKER-USER -j RETURN
+
+-A ufw6-docker-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW DOCKER BLOCK] "
+-A ufw6-docker-logging-deny -j DROP
+
+COMMIT
+# END UFW AND DOCKER
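Review bot: The `--sport 53` RETURN rule in DOCKER-USER is evaluated before both `ufw6-docker-logging-deny` rules and matches on source port alone, so it is not tied to a DNS query a container actually sent; consider matching reply traffic with `-m conntrack --ctstate RELATED,ESTABLISHED` instead. The UDP deny also stops at `--dport 0:32767`, so UDP to ports 32768-65535 in fd00:dead:beef::/48 falls through to the final `-j RETURN`; if that gap is intended for ephemeral reply ports, a comment in the generated block should say so, and a conntrack match would let the deny cover the full port range.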

Backing up /etc/ufw/after6.rules to /etc/ufw/after6.rules-ufw-docker2023-03-19-214335
Please restart UFW service manually by using the following command:
sudo systemctl restart ufw

Run Nginx:

docker run --rm --name nginx -ti -p 8080:80 nginx

Allow rule:

ufw-docker allow nginx 80/tcp

allow nginx 80/tcp bridge
ufw route allow proto tcp from any to 172.17.0.2 port 80 comment allow nginx 80/tcp bridge
Rule added
allow nginx_IPv6 80/tcp bridge
ufw route allow proto tcp from any to fd00:dead:beef::242:ac11:2 port 80 comment allow nginx_IPv6 80/tcp bridge
Rule added (v6)

Try to connect:

curl -v -6 <IPv6>:8080

Get the real IP of the requester in the Nginx logs:

reda:cted:reda:cted:5400:2ff:fef5:bac7 - - [19/Mar/2023:21:35:38 +0000] "GET / HTTP/1.1" 200 615 "-" "curl/7.68.0" "-"
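
A consistency check for the test setup described above, as an added example that is not part of the pull request or the ufw-docker script: it confirms that `fixed-cidr-v6` in daemon.json is a ULA prefix and that the UFW AND DOCKER block in after6.rules uses the same prefix. The function name `audit` and the sample strings are constructed for illustration.

```python
import ipaddress
import json
import re

ULA = ipaddress.ip_network("fc00::/7")  # RFC 4193 unique local addresses
BLOCK = re.compile(r"^# BEGIN UFW AND DOCKER$(.*?)^# END UFW AND DOCKER$", re.S | re.M)

# Constructed sample inputs, modelled on the files shown in the description.
SAMPLE_DAEMON = '{"experimental": true, "ipv6": true, "ip6tables": true, "fixed-cidr-v6": "fd00:dead:beef::/48"}'
SAMPLE_RULES = """COMMIT
# BEGIN UFW AND DOCKER
*filter
:DOCKER-USER - [0:0]
-A DOCKER-USER -j ufw6-user-forward
-A DOCKER-USER -j RETURN -s fd00:dead:beef::/48
-A DOCKER-USER -p udp -m udp --sport 53 --dport 1024:65535 -j RETURN
-A DOCKER-USER -j ufw6-docker-logging-deny -p udp -m udp --dport 0:32767 -d fd00:dead:beef::/48
-A DOCKER-USER -j RETURN
-A ufw6-docker-logging-deny -j DROP
COMMIT
# END UFW AND DOCKER
"""

def audit(daemon_json, after6_rules):
    """Return a list of findings; an empty list means the two files agree."""
    findings = []
    cfg = json.loads(daemon_json)
    for key in ("ipv6", "ip6tables"):
        if cfg.get(key) is not True:
            findings.append(f"daemon.json: {key} is not enabled")
    if "fixed-cidr-v6" not in cfg:
        return findings + ["daemon.json: fixed-cidr-v6 is missing"]
    net = ipaddress.ip_network(cfg["fixed-cidr-v6"], strict=False)
    if net.version != 6 or not net.subnet_of(ULA):
        findings.append(f"{net} is not inside the ULA range {ULA}")
    match = BLOCK.search(after6_rules)
    if match is None:
        return findings + ["after6.rules: UFW AND DOCKER block not found"]
    block = match.group(1)
    # -s/-d operands only; --sport/--dport do not match this pattern.
    for operand in re.findall(r"\s-[sd]\s+(\S+)", block):
        if ipaddress.ip_network(operand, strict=False) != net:
            findings.append(f"after6.rules: {operand} differs from Docker's {net}")
    if "-A ufw6-docker-logging-deny -j DROP" not in block:
        findings.append("after6.rules: deny chain has no DROP rule")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_DAEMON, SAMPLE_RULES) or "consistent")
```

A non-empty result after changing `fixed-cidr-v6` means the rules block still carries the old prefix and the script has to be reinstalled.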

@ghostiam ghostiam changed the title Add IPv6 support Add IPv6 support #8 Mar 19, 2023
@ghostiam ghostiam changed the title Add IPv6 support #8 Add IPv6 support (issue #8) Mar 19, 2023
@ghostiam ghostiam changed the title Add IPv6 support (issue #8) Add IPv6 support (fix #8) Mar 19, 2023
@ghostiam ghostiam changed the title Add IPv6 support (fix #8) Add IPv6 support Mar 19, 2023
@ghostiam ghostiam mentioned this pull request Mar 19, 2023
@ghostiam ghostiam force-pushed the v6nat branch 2 times, most recently from 99b8c48 to 118f8d8 Compare March 19, 2023 22:34