I was planning to use Nextcloud and Shinobi on a notebook connected 24 hours a day to my network, using Docker Desktop, but I ran into a problem with IP NAT, and so I couldn’t access my Nextcloud or Shinobi from outside my internal network. I tried on Windows and Linux. I tried using IPv6 too but I couldn’t get it to work. My question is: How can small users like me use Docker with this NAT problem? Nowadays most providers use NAT and this prevents external access. I don’t have deep knowledge in this area. If anyone can help me find a solution I would appreciate it.
The core issue is not really about Docker mechanics. The same problem exists if you try to expose a service that runs on your host.
If you google for “expose services with cgnat” there are dozens of videos, tutorials and discussions about it.
The part of the question I find interesting is: how to expose published container ports via the GUA IPv6 of the host. Many routers still call it port forwarding even though there is no such thing with IPv6, unless your router implements NAT64 (which is frowned upon in the IPv6 community). In the IPv6 context, those are actually firewall allow rules. Is it safe to assume that you configured the allow rule, so that traffic to your host and the target port is allowed to pass through the router?
Thanks for your reply!
I think I’ll try again with IPv6. I remember having configured the firewall. I did tests with sites that test IPv4 and IPv6 connections, where IPv4 reports an error while IPv6 reports working. I think after 2 days of trying I ended up getting a bit frustrated.
I wanted to know if the solution for my case (small home servers) is really IPv6. If I fail, is there another way around?
Thanks
I have the luxury of getting a dual stack from my ISP, so I never had the situation myself. With IPv6 things are slightly different: the WAN IPv6 GUA of your router is irrelevant, you need to use the IPv6 GUA of your host. So if you use dyndns, the client must run on the host itself.
So the combination of opening the firewall port for the target host and port + running the dyndns client on the host itself is what you need to do at least. Additionally, it might be necessary to configure the Windows Firewall.
In your situation tunneling might be the easier approach:
This “awesome” page discusses it: GitHub - anderspitman/awesome-tunneling: List of ngrok/Cloudflare Tunnel alternatives and other tunneling software and services. Focus on self-hosting. and check
Like I already wrote: it is not a docker topic.
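The point above about publishing the host's own IPv6 GUA (not the router's WAN address) can be checked on a Linux host with a short script. This is an added example, not code from any poster in the thread; it assumes Linux `ip -6 -o addr show` output, and the sample lines and the helper name `stable_guas` are constructed for illustration.

```python
import ipaddress

# Global unicast space; ULA (fc00::/7) and link-local (fe80::/10) fall outside it.
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")
# Address states that should not end up in a AAAA record or a router allow rule.
UNSTABLE = {"temporary", "deprecated", "tentative", "dadfailed"}

# Constructed sample in the shape of `ip -6 -o addr show` (lifetimes omitted).
# 2001:db8::/32 is the documentation prefix, standing in for an ISP prefix.
SAMPLE = """\
1: lo    inet6 ::1/128 scope host
2: eth0    inet6 2001:db8:1234:5678:a1b2:c3d4:e5f6:789a/64 scope global temporary dynamic
2: eth0    inet6 2001:db8:1234:5678:211:22ff:fe33:4455/64 scope global dynamic mngtmpaddr
2: eth0    inet6 fd12:3456:789a:1:211:22ff:fe33:4455/64 scope global dynamic mngtmpaddr
2: eth0    inet6 fe80::211:22ff:fe33:4455/64 scope link
3: docker0    inet6 fe80::42:acff:fe11:1/64 scope link
"""


def stable_guas(ip_output):
    """Return (interface, address) pairs usable for dyndns and firewall rules."""
    found = []
    for line in ip_output.splitlines():
        fields = line.split()
        if "inet6" not in fields:
            continue
        pos = fields.index("inet6")
        addr = ipaddress.ip_interface(fields[pos + 1]).ip
        flags = set(fields[pos + 2:])
        if addr not in GLOBAL_UNICAST:
            continue  # loopback, link-local or ULA: not reachable from outside
        if flags & UNSTABLE:
            continue  # privacy/temporary addresses rotate and break the DNS record
        found.append((fields[1], str(addr)))
    return found


if __name__ == "__main__":
    for iface, addr in stable_guas(SAMPLE):
        print(f"{iface}: publish {addr} via dyndns and allow it in the router firewall")
```

On a real host, pass the text of `ip -6 -o addr show` to `stable_guas` instead of `SAMPLE`; an empty result means the host has no stable global address to publish.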