By default, a docker container is behind NAT, and thus has no IPv6.
If the host has IPV6, and you want IPv6 inside the docker docker container, in the container startup, use
--network host
so for example:
docker run -it --network host ubuntu:latest /bin/bash
... and then the docker container has the same IP addresses as the host, thus also IPv6.
People often confuse "IPv6" with "IPv6-only". And then state wrong statements. Pity.
But, hey, Let's try what you happens when you go IPV6-only. So let's turn off IPv4.
On Ubuntu, you can do it like this:
sudo nm-connection-editor
In there, go to your active Wifi network, then go to the tab IPv4 Settings. At Method, select "Disabled". Click Save.
To activate it, disable Wifi, and enable Wifi. And ... bingo ... IPv6-only!
Results:
Ubuntu works
Google, Microsoft and Facebook work
x.com results in a webpage with an error
A lot of Netherlands government sites work
KLM works, Transavia not
Smaller sites don't work
On Windows, you can see the amount of IPv6 packets:
PS C:\> netsh interface ipv6 show ipstats | find /i """Receives"""
In Receives: 3606021
... and IPv4 packets:
PS C:\> netsh interface ipv4 show ipstats | find /i """Receives"""
In Receives: 71758
So, safely assuming IPv6 and IPv4 have about the same mean packet size, 98% of my traffic is IPv6 traffic.
Note: These are packets. To get an indication of the amount of bytes, multiply with something between 1200 and 1500 (= bytes per packet). The above 3606021 IPv6 packets means about 4.3 GB in bytes IPv6 traffic.
With NAT444 / CGNAT, different users share one IPv4 address. So only logging the IPv4 address is not enough to find the specific user; you need to log the source port too. I guess legal intercept logging can then find the individual user.
So ... how do you let Apache webserver log the source IP address plus the source port? Answer: on Ubuntu, in the file /etc/apache2/apache2.conf, as root change the line
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h:%{remote}p %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
So instead of only the remote IP address %h , the IP address plus the source port :%{remote}p is logged.
Example result from /var/log/apache2/access.log
18.12.12.65:63022 - - [18/Jul/2022:18:16:10 +0200] "GET /dump/ HTTP/1.1" 200 1571 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36"
The source port is 63022
Op Videoland kreeg ik foutmelding "Oeps, we konden de video niet afspelen. Het starten van de video is mislukt. Playservice error.".
Oorzaak gevonden: mijn IPv6-tunnel via Hurricane Electric. Na het uitschakelen van de IPv6-tunnel kon ik wel Videoland kijken.
Gokje: Videoland beschouwt the IPv6-tunnel als buiten-EU / buiten-Nederland, en weigert daarom met die cryptische melding om af te spelen. En nettere foutmelding (bijv: "u / uw IP-adres xyz komt van buiten de EU, daarom spelen we niet af") zou duidelijker zijn.
Oeps, we konden de video niet afspelen
Het starten van de video is mislukt.
Playservice error
PCExtreme offers "Standard Server 1GB IPv6 only" for only €1 ex VAT per month. See https://www.pcextreme.com/cloud-servers/standard
I wanted to try that out, because: how does IPv6-only work in practice? Is that working in 2022?
So I bought a VPS, and now I'm a bit disappointed: the VPS does have IPv4 after all. It's behind NAT. Just like a device on a home LAN with an ISP connection.
However, some of my IPv4 traffic failed, like git connections to special git ports (no problem via https). So I did some research by trying to connect to outside ports
Some checks: HTTP and HTTPS are both allowed:
port 80 is allowed
port 443 is allowed
SMTP Port 25 is of course not possible:
port 25 not reached
Other ports ... to find out.
