Docker Community Forums

Share and learn in the Docker community.

IPv6 with iptables and archlinux

Hi i want to ping a ipv6 address in a docker container with busybox

I got this result

My docker run --rm -t busybox ping6 -c 4 google.com
PING google.com (2a00:1450:400a:808::200e): 56 data bytes
ping6: sendto: Cannot assign requested address
cat /etc/docker/daemon.json
{
  "data-root": "/home/data/docker"
}
{
  "ipv6": true,
  "fixed-cidr-v6": ""2a02:168:a774::/64"
}
cat /etc/iptables/ip6tables.rules 
# Generated by ip6tables-save v1.8.7 on Sat Oct 30 15:02:35 2021
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i enp2s0 -j ACCEPT
-A RH-Firewall-1-INPUT -i docker0 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmpv6 -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d ff02::fb -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 32768:61000 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 32768:61000 ! --syn -j ACCEPT
# open port 53
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m udp -p udp --dport 53 -j ACCEPT
# open port 22
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 22 -j ACCEPT
# open port ftp rtorrent speedtest tcp
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 8080  -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 55000:55111 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 50000:50010 -j ACCEPT
#open port speedtest rtorrent dns udp
-A RH-Firewall-1-INPUT -m udp -p udp --dport 546 -j ACCEPT
-A RH-Firewall-1-INPUT -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m udp -p udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -m udp -p udp --dport 6881 -j ACCEPT
-A RH-Firewall-1-INPUT -m udp -p udp --dport 8080 -j ACCEPT
# open port 80 & 443
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
# Completed on Sat Oct 30 15:02:35 2021
# Generated by ip6tables-save v1.8.7 on Sat Oct 30 15:02:35 2021
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 2a02:168:a774::/64 ! -o docker0 -j MASQUERADE
COMMIT
# Completed on Sat Oct 30 15:53:25 2021
cat /etc/resolv.conf
# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search home

The resolv.conf is managed by NetworkManager and has ipv4+ipv6 nameserver

What is wrong?