How to bridge IPv4-Only Clients to an IPv6-Only Server?

Question

I need help with networking, docker and ipv6.

Here is my setup:

• Server A: IPv4-only
• Server B: Dual-stack (IPv4/IPv6) (This is my dedicated server with a provider-assigned ipv6 addresss)
• Server C: IPv6-only

I want to allow clients on IPv4-only networks to access websites hosted on Server C by routing traffic through Server B, which supports both stacks.

I understand that IPv4 and IPv6 are completely different protocols, so they cannot communicate directly. Given that Server B is dual-stack, I assumed I could use it as a proxy to bridge the two networks by receiving IPv4 traffic and forwarding it to Server C over IPv6.

Is a reverse proxy the best approach for this, or are there better alternatives?

What I Have Tried:

1. Enabled IPv6 in Docker by adding this to /etc/docker/daemon.json:

   { "ipv6": true } 

2. Defined a reverse proxy configuration (example for Nginx):

   server { listen 80; listen [::]:80; server_name service.C.server.com; location / { proxy_pass http://[IPv6-Address-of-C]; } } 

3. Created a Docker Compose file to include an IPv6-enabled network:

   version: '3.0' services: swag: image: lscr.io/linuxserver/swag:latest container_name: swag cap_add: - NET_ADMIN environment: PUID: 1000 GUID: 1000 env_file: - common.env - env volumes: - ./config:/config ports: - 443:443 - 80:80 - 81:81 restart: unless-stopped networks: - docker-proxy_network - ip6net networks: docker-proxy_network: external: true ip6net: enable_ipv6: true ipam: config: - subnet: 2001:db8::/64 

Once I add the IPv6 network (ip6net), my container loses all network connectivity and cannot reach any external IPv6 addresses. But i find it logical because this is a random address and it is not related to the actual address of my server but I cannot assign the network to my actual IPv6 pool because Docker throws this error:

failed to create network swag_ip6net: Error response from daemon: Pool overlaps with other one on this address space 

At this point, I wonder if it's really that simple: just an IPv6 and Nginx configuration issue ? I can reach server C from server B through ipv6 but I can't do that from a docker container.

Any help would be greatly appreciated!

Answer 1

You cannot route an IPv4 connection to an IPv6 network. You have to terminate the IPv4 connection on a dual stack host (your Server B) and start a new IPv6 connection from there. A reverse proxy is indeed the best approach for achieving that.

Alternatively, if you want to use a routed connection to the destination server then you need to IPv6 enable the network to which the source server is connected. It is not enough to assign the server itself some arbitrary IPv6 address. You need to allocate a unique /64 address range to the network and provide a router which can forward IPv6 packets between that network and the rest of the world.

Answer 2

I have made something that work enough for me. I managed to get it working the way I want by using nginx as reverse proxy, but directly on the host and not inside a container. I realize that my question was maybe not clear enough. My goal was in fact to allow dual-stack routing using a reverse-proxy executed inside a docker container.