Port redirecting binding to IPv6 but not IPv4 interfaces. #2174

Closed
@marklit

Is there a way I can tell docker to only bind redirected ports to IPv4 interfaces?

I have a machine running with IPv6 disabled:

# echo '1' > /proc/sys/net/ipv6/conf/lo/disable_ipv6  
# echo '1' > /proc/sys/net/ipv6/conf/lo/disable_ipv6  
# echo '1' > /proc/sys/net/ipv6/conf/all/disable_ipv6  
# echo '1' > /proc/sys/net/ipv6/conf/default/disable_ipv6
# /etc/init.d/networking restart

ifconfig reports there are no IPv6-enabled interfaces:

# ifconfig
docker0   Link encap:Ethernet  HWaddr 00:00:00:00:00:00  
          inet addr:172.17.42.1  Bcast:0.0.0.0  Mask:255.255.0.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:1372 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7221 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:88091 (88.0 KB)  TX bytes:10655750 (10.6 MB)

eth0      Link encap:Ethernet  HWaddr 04:01:08:c1:b1:01  
          inet addr:198.XXX.XXX.XXX  Bcast:198.199.90.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:97602 errors:0 dropped:4 overruns:0 frame:0
          TX packets:15362 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:141867997 (141.8 MB)  TX bytes:1376970 (1.3 MB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lxcbr0    Link encap:Ethernet  HWaddr 9e:51:04:ed:13:d4  
          inet addr:10.0.3.1  Bcast:10.0.3.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

When I launch a new docker container and ask it to port forward 8000 to 8000 in the container it does so only on IPv6 interfaces. Is there a way to make it only bind to IPv4 interfaces?

# docker run -p 8000:8000 -i -t colinsurprenant/ubuntu-raring-amd64 /bin/bash

When I check with lsof it says that only IPv6-related bindings have been made:

# lsof -OnP | grep LISTEN
sshd      1275             root    3u     IPv4 ... TCP *:22 (LISTEN)
sshd      1275             root    4u     IPv6 ... TCP *:22 (LISTEN)
dnsmasq   2975      lxc-dnsmasq    7u     IPv4 ... TCP 10.0.3.1:53 (LISTEN)
docker    9629             root    7u     IPv6 ... TCP *:8000 (LISTEN)
docker    9629 9630        root    7u     IPv6 ... TCP *:8000 (LISTEN)
docker    9629 9631        root    7u     IPv6 ... TCP *:8000 (LISTEN)
docker    9629 9632        root    7u     IPv6 ... TCP *:8000 (LISTEN)
docker    9629 9633        root    7u     IPv6 ... TCP *:8000 (LISTEN)
docker    9629 9634        root    7u     IPv6 ... TCP *:8000 (LISTEN)
docker    9629 9698        root    7u     IPv6 ... TCP *:8000 (LISTEN)

jpetazzo (Contributor) commented on Oct 11, 2013

I believe that while IPv6 is disabled on all interfaces, it is not disabled on the whole machine. In other words, even if there is no IPv6 interface or address present at the moment, there might be one in the future. So when Docker tells the kernel "please bind my sockets to all available addresses", it will include IPv6.

When you try to connect to your IPv4 address (e.g. 127.0.0.1:8000) does it work or not?

  • If it doesn't work, it is indeed a serious bug!
  • If it works, then can you explain why the behavior is a problem, so we can find the best fix?

Thank you!

marklit (Author) commented on Oct 11, 2013

No, I can't connect on 127.0.0.1:8000. The lsof list there is complete and nothing from docker is bound to an IPv4 interface. This was on Ubuntu 13.04 64-bit.

jpetazzo (Contributor) commented on Oct 11, 2013

OK! I was asking because on my machine, many sockets show as IPv6 even though IPv4 works fine. Thanks for the precision. We'll try to reproduce here.

marklit (Author) commented on Oct 11, 2013

I ran all the above on Digital Ocean on their Ubuntu 13.04 x64 image (#350076).

juddmaltin-dell commented on Oct 27, 2013

[SOLVED] pebcak, picnic.

I'm hitting this too. (frowny)

uname -a

Linux d08-00-27-49-4f-76 3.8.0-29-generic #42~precise1-Ubuntu SMP Wed Aug 14 16:19:23 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

docker -v

Docker version 0.6.4, build 2f74b1c

cat /etc/issue

Ubuntu 12.04.3 LTS \n \l

newgoliath commented on Nov 8, 2013

I was stupidly trying to attach to the port running in the container, not the port on the host OS.

crosbymichael (Contributor) commented on Dec 13, 2013

@marklit Are you still encountering this issue with a newer version of Docker? We made a lot of fixes to the networking stack.

phsilva commented on Dec 16, 2013

Still happening on 0.7.1.

gvangool commented on Dec 23, 2013

I have installed it on a clean CentOS 6.5, and Docker works out of the box (epel installs Docker version 0.7.0, build 0ff9bc1/0.7.0).

But my containers only bind on the IPv6 side, not on IPv4.

# netstat -ntple
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       User       Inode      PID/Program name
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      0          7904       898/sshd
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      0          8151       926/sendmail
tcp        0      0 :::80                       :::*                        LISTEN      0          8760       966/docker
tcp        0      0 :::22                       :::*                        LISTEN      0          7906       898/sshd
tcp        0      0 :::443                      :::*                        LISTEN      0          8755       966/docker
# docker ps
CONTAINER ID        IMAGE                     COMMAND             CREATED             STATUS              PORTS                                      NAMES
51bd237afd47        proxy:latest              nginx               14 minutes ago      Up 12 minutes       0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp   lb0
#  uname -a                                                                                                                                                                  
Linux docker0 2.6.32-431.1.2.0.1.el6.x86_64 #1 SMP Fri Dec 13 13:06:13 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

If you need extra information or a test machine, let me know.

bharrisau commented on Jan 3, 2014

Using Docker version 0.7.1, build 8088bc1/0.7.1. I get the same, except it all works with IPv4.

E.g. if I were to do 'telnet -4 localhost 80' in the example above, it would connect through. It doesn't work for external connections, but I think that is a different issue.

aheissenberger commented on Jan 7, 2014

I have the same problem with Version 0.7.3 that after starting boot2docker only adding 0.0.0.0 works:
docker run -d -p 0.0.0.0::11211 mc

This does not work:
docker run -d -p 11211 mc

In both cases the result from docker ps is `0.0.0.0:49154->11211/tcp`
and netstat shows that there was only an IP6 binding:

sudo netstat -ntple
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      520/sshd
tcp        0      0 :::49153                :::*                    LISTEN      684/docker
tcp        0      0 :::4243                 :::*                    LISTEN      684/docker
tcp        0      0 :::22                   :::*                    LISTEN      520/sshd

The funny thing is that any further process started will work with docker run -d -p 11211 mc

bharrisau commented on Jan 7, 2014

From https://groups.google.com/d/msg/golang-nuts/F5HE7Eqb6iM/q_um2VqT5vAJ

on linux, by default, net.ipv6.bindv6only is 0, so ipv4 packets could also be received from
ipv6 sockets with ipv4-mapped ipv6 address. thus you only need to listen on tcp6 socket
and we can support both ipv4 and ipv6.

if you want explicitly only listen on ipv4 port, you will have to use net.Listen("tcp4", "0.0.0.0:3000")
and then pass the listener to http.Serve.

This is why binding to the IPv6 loopback also binds to the IPv4 loopback (though netstat won't show it). Most of the work is done by the iptables -t nat stuff anyway.
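
The dual-stack behaviour quoted above can be checked directly. The following is an added example, not part of the thread and not Docker's code: it opens wildcard listeners with Go's `net.Listen` using "tcp", "tcp4" and "tcp6", then tests which loopback families can actually connect. `Probe` is a name chosen for this illustration, and the results assume a Linux host with IPv4 loopback available.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"time"
)

// Probe (hypothetical helper) opens a wildcard listener on an ephemeral port
// and reports whether it is reachable over the IPv4 and IPv6 loopback addresses.
func Probe(network, addr string) (v4, v6 bool, err error) {
	ln, err := net.Listen(network, addr)
	if err != nil {
		return false, false, err // e.g. "tcp6" on a host with IPv6 fully disabled
	}
	defer ln.Close()
	// Accept and drop connections until the listener is closed.
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			c.Close()
		}
	}()
	port := strconv.Itoa(ln.Addr().(*net.TCPAddr).Port)
	dial := func(n, host string) bool {
		c, err := net.DialTimeout(n, net.JoinHostPort(host, port), time.Second)
		if err != nil {
			return false
		}
		c.Close()
		return true
	}
	return dial("tcp4", "127.0.0.1"), dial("tcp6", "::1"), nil
}

func main() {
	for _, l := range []struct{ network, addr string }{
		{"tcp", ":0"},         // dual-stack where supported; netstat lists it as :::PORT only
		{"tcp4", "0.0.0.0:0"}, // explicit IPv4-only listener
		{"tcp6", "[::]:0"},    // IPv6-only; IPv4-mapped connections are refused
	} {
		v4, v6, err := Probe(l.network, l.addr)
		fmt.Printf("%-4s %-10s ipv4=%v ipv6=%v err=%v\n", l.network, l.addr, v4, v6, err)
	}
}
```

When auditing exposure, a `:::PORT` line in netstat or an `IPv6` entry in lsof is therefore not evidence that the port is closed to IPv4 clients; probe it over IPv4 or check the firewall rules.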

matschaffer commented on Jan 26, 2014

FWIW, I found this issue trying to figure out why a port mapping wouldn't work from my host OS (host -> vagrant -> docker container). I tried another box and it worked even though I only had the tcp6 port listed in netstat. Thinking something else may be happening here but not sure what.

UPDATE: yeah, just destroyed and recreated the VM and now it's fine. Yay computers ;)

shulcsm commented on Feb 1, 2014

Having the same issue with 0.7.6. Are there any workarounds?
