Is there a way I can tell docker to only bind redirected ports to IPv4 interfaces? I believe that while IPv6 is disabled on all interfaces, it is not disabled on the whole machine. In other words, even if there is no IPv6 interface or address present at the moment, there might be one in the future. So when Docker tells to the kernel 'please bind my sockets to all available addresses', it will include IPv6.

When you try to connect to your IPv4 address (e.g. 127.0.0.1:8000) does it work or not?

Now that Docker for Mac uses localhost instead of an IP, should communication. And non-docker containers be possible using localhost for all? (localhost:8000 for example) or can they only use the compose name. (Unless you're running a container with --net host, which is odd on Docker for Mac.). Docker Compose relies on Docker Engine for any meaningful work, so make sure you have Docker Engine installed either locally or remote, depending on your setup. On desktop systems like Docker for Mac and Windows, Docker Compose is included as part of those desktop installs.

• If it doesn't work, it is indeed a serious bug! • If it works, then can you explain why the behavior is a problem, so we can find the best fix?

I have installed it on clean Centos 6.5. And Docker works out-of-the box (epel installs Docker version 0.7.0, build 0ff9bc1/0.7.0). But my containers only bind on the IPv6 side, not on IPv4. From on linux, by default, net.ipv6.bindv6only is 0, so ipv4 packets could also be received from ipv6 sockets with ipv4-mapped ipv6 address.

Thus you only need to listen on tcp6 socket and we can support both ipv4 and ipv6. If you want explicitly only listen on ipv4 port, you will have to use net.Listen('tcp4', '0.0.0.0:3000') and then pass the listener to http.Serve. This is why binding to the IPv6 loopback also binds to the IPv4 loopback (though netstat won't show it). Most of the work is done by the iptables -t nat stuff anyway. I think (from memory) you can force the binding to IPv4 in the proxy setup function.

On my server the NAT rules change the target address and forwards the packet that way. Nothing is actually using the proxy port. So I still think any issues people are having are caused by something else like firewall rules. With net.ipv6.conf.all.forwarding=1 it works for me now and net.ipv6.bindv6only=0 on my system. Netstat still shows only tcp6 bind but curl to the ipv4 ip works, so forwarding does the job. Reply to this email directly or view it on GitHub.

For the record, this is my configuration: vagrant@vagrant-ubuntu-saucy-64:~$ sysctl net.ipv6.bindv6only net.ipv6.bindv6only = 0 vagrant@vagrant-ubuntu-saucy-64:~$ sysctl net.ipv6.conf.all.forwarding net.ipv6.conf.all.forwarding = 1 vagrant@vagrant-ubuntu-saucy-64:~$ uname -a Linux vagrant-ubuntu-saucy-64 3.11.0-15-generic #25-Ubuntu SMP Thu Jan 30 17:22:01 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux vagrant@vagrant-ubuntu-saucy-64:~$ cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=13.10 DISTRIB_CODENAME=saucy DISTRIB_DESCRIPTION='Ubuntu 13.10'. I just ran into this problem with docker 0.9.0 on boot2docker 0.7.0. Cannot access a container (jenkins) on port 8080 using ipv4. Even from the localhost. You mean jenkins is binding to 127.0.0.1 within the container?

This is not the case. I can run the jenkins container on my Arch Linux system and the same test succeeds. I also ran netstat -tapn within my jenkins container. It binds to IPv6 for all addresses. Root@d26504ec7def:/# netstat -tapn Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 15/sshd tcp6 0 0:::8080:::* LISTEN 20/java tcp6 0 0:::22:::* LISTEN 15/sshd The fact that the same container works on Arch Linux, but not on boot2docker Linux indicates that something may not be configured correctly in boot2docker. What that misconfiguration is, I don't know.