Skip to main content
Redhat Developers  Logo
  • Products

    Featured

    • Red Hat Enterprise Linux
      Red Hat Enterprise Linux Icon
    • Red Hat OpenShift AI
      Red Hat OpenShift AI
    • Red Hat Enterprise Linux AI
      Linux icon inside of a brain
    • Image mode for Red Hat Enterprise Linux
      RHEL image mode
    • Red Hat OpenShift
      Openshift icon
    • Red Hat Ansible Automation Platform
      Ansible icon
    • Red Hat Developer Hub
      Developer Hub
    • View All Red Hat Products
    • Linux

      • Red Hat Enterprise Linux
      • Image mode for Red Hat Enterprise Linux
      • Red Hat Universal Base Images (UBI)
    • Java runtimes & frameworks

      • JBoss Enterprise Application Platform
      • Red Hat build of OpenJDK
    • Kubernetes

      • Red Hat OpenShift
      • Microsoft Azure Red Hat OpenShift
      • Red Hat OpenShift Virtualization
      • Red Hat OpenShift Lightspeed
    • Integration & App Connectivity

      • Red Hat Build of Apache Camel
      • Red Hat Service Interconnect
      • Red Hat Connectivity Link
    • AI/ML

      • Red Hat OpenShift AI
      • Red Hat Enterprise Linux AI
    • Automation

      • Red Hat Ansible Automation Platform
      • Red Hat Ansible Lightspeed
    • Developer tools

      • Red Hat Trusted Software Supply Chain
      • Podman Desktop
      • Red Hat OpenShift Dev Spaces
    • Developer Sandbox

      Developer Sandbox
      Try Red Hat products and technologies without setup or configuration fees for 30 days with this shared Openshift and Kubernetes cluster.
    • Try at no cost
  • Technologies

    Featured

    • AI/ML
      AI/ML Icon
    • Linux
      Linux Icon
    • Kubernetes
      Cloud icon
    • Automation
      Automation Icon showing arrows moving in a circle around a gear
    • View All Technologies
    • Programming Languages & Frameworks

      • Java
      • Python
      • JavaScript
    • System Design & Architecture

      • Red Hat architecture and design patterns
      • Microservices
      • Event-Driven Architecture
      • Databases
    • Developer Productivity

      • Developer productivity
      • Developer Tools
      • GitOps
    • Secure Development & Architectures

      • Security
      • Secure coding
    • Platform Engineering

      • DevOps
      • DevSecOps
      • Ansible automation for applications and services
    • Automated Data Processing

      • AI/ML
      • Data Science
      • Apache Kafka on Kubernetes
      • View All Technologies
    • Start exploring in the Developer Sandbox for free

      sandbox graphic
      Try Red Hat's products and technologies without setup or configuration.
    • Try at no cost
  • Learn

    Featured

    • Kubernetes & Cloud Native
      Openshift icon
    • Linux
      Rhel icon
    • Automation
      Ansible cloud icon
    • Java
      Java icon
    • AI/ML
      AI/ML Icon
    • View All Learning Resources

    E-Books

    • GitOps Cookbook
    • Podman in Action
    • Kubernetes Operators
    • The Path to GitOps
    • View All E-books

    Cheat Sheets

    • Linux Commands
    • Bash Commands
    • Git
    • systemd Commands
    • View All Cheat Sheets

    Documentation

    • API Catalog
    • Product Documentation
    • Legacy Documentation
    • Red Hat Learning

      Learning image
      Boost your technical skills to expert-level with the help of interactive lessons offered by various Red Hat Learning programs.
    • Explore Red Hat Learning
  • Developer Sandbox

    Developer Sandbox

    • Access Red Hat’s products and technologies without setup or configuration, and start developing quicker than ever before with our new, no-cost sandbox environments.
    • Explore Developer Sandbox

    Featured Developer Sandbox activities

    • Get started with your Developer Sandbox
    • OpenShift virtualization and application modernization using the Developer Sandbox
    • Explore all Developer Sandbox activities

    Ready to start developing apps?

    • Try at no cost
  • Blog
  • Events
  • Videos

How to configure Podman 4.0 for IPv6

August 10, 2022
Ranjith Rajaram
Related topics:
Linux
Related products:
Red Hat Enterprise Linux

Share:

    Podman is a major container platform, used by many developers in place of Docker. Podman v4.0 has extensive new support for the IPv6 address format. IPv6 networks with Network Address Translation (NAT) and port forwarding are now fully tested and supported in this latest version of the platform. You can also assign static IPv6 addresses to containers in these networks.

    Podman v4.0 is supported in versions 8.6 and 9 of Red Hat Enterprise Linux. This article shows you how to enable the new IPv6 support.

    Changes to Podman

    The reason you need to take special steps to enable IPv6 is that Podman went through a major architectural change in version 4.0. The new network stack, which has been rewritten from scratch in Rust, is composed of two tools:

    • Netavark: A network setup tool that configures network bridges, firewall rules, and system settings to give containers access to external networks
    • Aardvark: An authoritative DNS server for A and AAAA container records, enabling containers to resolve connections to other containers by their names or aliases.

    Both these tools work together to enable container networking with IPv6, but they are not enabled by default.

    For more information about the new network stack, please refer to the article Podman 4.0's new network stack: What you need to know.

    Note: Podman v4.0 performs several schema migrations in the Podman database during the first run. These schema migrations prevent Podman v3.x and earlier from reading some network configuration information from the database. Therefore, downgrading from Podman v4.0 to an earlier version will cause containers to lose their static IP, MAC address, and port bindings.

    Package installation and configuration

    If you're using Red Hat Enterprise Linux 8.6, you'll need to take a few additional steps to install the Netavark backend; in Red Hat Enterprise Linux 9, Netavark is installed along with the Podman package.

    Install Podman 4.0 on Red Hat Enterprise Linux 8.6

    Before upgrading the Podman package from v3.x to 4.x on RHEL 8.6, you should remove all non-default defined networks. You can recreate them after the package upgrade.

    On RHEL 8.6, by default Podman will use the Container Network Interface (CNI) backend. In order to use Netavark instead, you must explicitly mention it during installation, as follows:

    [root@atomic-test ~]# yum install podman netavark -y

    The Aardvark package will be installed as a dependency of the Netavark package, so you don't have to mention it in the command.

    Then copy the containers.conf file to /etc/containers/:

    [root@atomic-test ~]# cp /usr/share/containers/containers.conf /etc/containers/containers.conf

    Edit /etc/containers/containers.conf and find the following line under the [network] section:

    network_backend = "cni"

    Change that line to:

    network_backend = "netavark"

    You can issue the following commands to verify that Podman will use the Netavark backend:

    [root@atomic-test ~]# podman info |grep -i networkbackend
    networkBackend: netavark
    [root@atomic-test ~]# cat /var/lib/containers/storage/defaultNetworkBackend
    netavark

    Install Podman 4.0 on Red Hat Enterprise Linux 9

    If you're using RHEL 9, the process is much simpler. The Netavark backend is installed along with Podman with the following command:

    
    [root@atomic-test ~]# yum install podman -y
    
    

    The Netavark and Aardvark packages are installed as dependencies of Podman, so you don't have to mention them in the command. And Podman uses Netavark as the network backend by default in RHEL 9, so no further configuration is required.

    Create an interface that supports the dual IPv4/IPv6 stack

    The default bridge, podman0, supports only the IPv4 stack, and DNS is disabled. A look at the default stack shows that IPv6 and DNS are disabled:

    # podman network inspect podman
    [
        {
             "name": "podman",
             "id": "2f259bab93aaaaa2542ba43ef33eb990d0999ee1b9924b557b7be53c0b7a1bb9",
             "driver": "bridge",
             "network_interface": "podman0",
             "created": "2022-06-24T18:49:34.800035098+05:30",
             "subnets": [
                  {
                       "subnet": "10.88.0.0/16",
                       "gateway": "10.88.0.1"
                  }
             ],
             "ipv6_enabled": false,
             "internal": false,
             "dns_enabled": false,
             "ipam_options": {
                  "driver": "host-local"
             }
        }
    ]

    You must therefore create a new bridge that supports IPv6 addresses and DNS. Here, we'll name this bridge podman1:

    [root@atomic-test ~]# podman network create --ipv6  podman1

    Examine the new bridge by issuing this command:

    [root@atomic-test ~]# podman network inspect podman1

    This snippet from the output shows the use of IPv6:

                  {
                       "subnet": "fd96:7c2e:b8d2:bf65::/64",
                       "gateway": "fd96:7c2e:b8d2:bf65::1"
                  }
             ],
             "ipv6_enabled": true,

    Now create a network interface by specifying the network range for both IPv4 and IPv6:

    [root@atomic-test ~]# podman network create --ipv6 --gateway fd00::1:8:1 --subnet fd00::1:8:0/112 --gateway 10.90.0.1 --subnet 10.90.0.0/16 podman1

    Attach a pod to the Podman network interface

    Podman is now configured to handle pods using IPv6. Run a sample pod as follows:

    [root@atomic-test ~]# podman run --network podman1 -d -p 8080:80 docker.io/fedora/apache

    Expose the pod with a static IPv6 address, using the new --ip6 option:

    [root@atomic-test ~]# podman run --network podman1 -d --ip6 fd00::1:8:9 -p 8080:80 docker.io/fedora/apache

    Port mapping

    To make the container service reachable from an outside network, Netavark creates appropriate masquerade rules in iptables. For the static pod created in the previous section, let's take a quick look at the associated DNAT rules using the following ip6tables command on a system that has the iptables package installed. 

    
    ip6tables -t nat -L -n -v
    
    

    The output should look like this:

    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination
    NETAVARK-HOSTPORT-DNAT  all      ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL
    
    Chain NETAVARK-HOSTPORT-DNAT (2 references)
    target     prot opt source               destination
    NETAVARK-DN-F11DC6A6D09CF  tcp      ::/0                 ::/0                 tcp dpt:8080 /* dnat name: podman1 id: 8de28bebed939bb6449fe3d97cce5ae2e4a785462bb9ffa8d1417143f809bff0 */
    
    Chain NETAVARK-DN-F11DC6A6D09CF (1 references)
    target     prot opt source               destination
    NETAVARK-HOSTPORT-SETMARK  tcp      fd00::1:8:0/112      ::/0                 tcp dpt:8080
    NETAVARK-HOSTPORT-SETMARK  tcp      ::1                  ::/0                 tcp dpt:8080
    DNAT       tcp      ::/0                 ::/0                 tcp dpt:8080 to:[fd00::1:8:9]:80

    When a packet destined for container port 8080 enters the host network, the packet is first processed by the iptables PREROUTING chain. Packets are then further processed by the NETAVARK-HOSTPORT-DNAT chain (the only custom chain defined in the PREROUTING chain). Depending on the port used, packets are further processed by the port-specific DNAT chain NETAVARK-DN-F11DC6A6D09CF defined in NETAVARK-DN-F11DC6A6D09CF. Packets are then sent to the appropriate container.

    Aardvark DNS server

    Aardvark keeps track of the containers and their assigned IP addresses based on the network interface to which the pod has been attached. Containers attached to the same network are resolvable using their names.

    The following example uses the podman1 bridge we previously created:

    [root@atomic-test ~]# ls /run/containers/networks/aardvark-dns/
    aardvark.pid podman
    

    Like DNS zone records, Aardvark keeps track of what is similar to DNS A/AAA records. The mapping of container names to IP addresses is stored in this file. If a container is not reachable using its container name, you can refer to this file to see if a record has been created for that container.

    The /run/containers/networks/aardvark-dns/podman1 file shows DNS records for podman1:

    fd00::1:8:1
    0f6d61bb7f6e8dcb4b8586ebc90d699b0e988406240419e8e48e1082ffd00451  fd00::1:8:2 goofy_cannon,0f6d61bb7f6e
    0f6d61bb7f6e8dcb4b8586ebc90d699b0e988406240419e8e48e1082ffd00451 10.90.0.2  goofy_cannon,0f6d61bb7f6e
    75647734d979ab6ded5636741ccd794fd1845fe0d5ef7161071fe9bd93d7f1fa  fd00::1:8:9 test1,75647734d979
    75647734d979ab6ded5636741ccd794fd1845fe0d5ef7161071fe9bd93d7f1fa 10.90.0.3  test1,75647734d979
    e394edc2e5bda1e790785d07eb32f8ec72e010f0dac5978e2152df472291d715  fd00::1:8:10 test2,e394edc2e5bd
    e394edc2e5bda1e790785d07eb32f8ec72e010f0dac5978e2152df472291d715 10.90.0.4  test2,e394edc2e5bd

    Whenever a pod is deleted, Aardvark removes the entry from its database.

    Rootless containers

    Rootless containers continue to use the slirp4netns service for communication. To expose the container service externally, slirp4netns listens on the host network according to the port mapping configuration. The Podman community is working to improve support for IPv6 when using rootless Podman.

    By default, when a Podman container is started, it does not get an IP address. Containers within the host should be reachable using the mapped port in the format host_ip:port.

    For rootless containers, you can define custom Podman network interfaces as the rootless user and then attach the pod to them. Containers attached to the same custom network should be reachable within the host using the rootless container IP address.

    To enable IPv6 addresses with a custom network, enter:

    [awx@atomic-test ~]$ podman network create --ipv6 redhat  

    Inspect the newly created redhat interface as follows:

    [awx@atomic-test ~]$ podman network inspect redhat
    [
        {
             "name": "redhat",
             "id": "262e49487783d58774dfa5f581e07849583558c059416d014774317ffc4190a7",
             "driver": "bridge",
             "network_interface": "podman1",
             "created": "2022-06-29T05:30:24.968361698-04:00",
             "subnets": [
                  {
                       "subnet": "10.89.0.0/24",
                       "gateway": "10.89.0.1"
                  },
                  {
                       "subnet": "fd25:1552:57a6:f8ee::/64",
                       "gateway": "fd25:1552:57a6:f8ee::1"
                  }
             ],
             "ipv6_enabled": true,
             "internal": false,
             "dns_enabled": true,
             "ipam_options": {
                  "driver": "host-local"
             }
        }
    ]

    Attach a rootless container to the custom network with a static IPv6 address as follows:

    [awx@atomic-test ~]$ podman run --network redhat  -d --ip6 fd25:1552:57a6:f8ee::10 -p 8081:80 docker.io/fedora/apache

    Rootless containers attached to the same custom network should be reachable by their own IP address or by a static IP address. External communication for such containers will continue to be handled by slirp4netns.

    Aardvark DNS is enabled only for custom network interfaces, created using podman network create. Aardvark takes care of resolution for rootless containers using their respective container names attached to the same custom network interface.

    More in Podman 4.0

    Along with IPv6 support, the new network stack included with Podman v4.0 features improved support for containers in multiple networks and improved performance. Podman also continues to support the CNI stack. There are several other features which are not discussed here, such as the podman network connect command, which allows you to connect a running container to another network. So explore the shiny new network stack, and leave a comment on this article if you have thoughts about the improvements in IPv6 support.

    Last updated: August 14, 2023

    Recent Posts

    • Build container images in CI/CD with Tekton and Buildpacks

    • How to deploy OpenShift AI & Service Mesh 3 on one cluster

    • JVM tuning for Red Hat Data Grid on Red Hat OpenShift 4

    • Exploring Llama Stack with Python: Tool calling and agents

    • Enhance data security in OpenShift Data Foundation

    What’s up next?

    podman basics cheat sheet cover

    Podman is one of the next-generation container tools (along with buildah and skopeo) included in Red Hat Enterprise Linux 7 and RHEL 8. The Podman Basics Cheat Sheet covers all of the commands that focus on images, containers, and container resources.

    Get the cheat sheet
    Red Hat Developers logo LinkedIn YouTube Twitter Facebook

    Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform

    Build

    • Developer Sandbox
    • Developer Tools
    • Interactive Tutorials
    • API Catalog

    Quicklinks

    • Learning Resources
    • E-books
    • Cheat Sheets
    • Blog
    • Events
    • Newsletter

    Communicate

    • About us
    • Contact sales
    • Find a partner
    • Report a website issue
    • Site Status Dashboard
    • Report a security problem

    RED HAT DEVELOPER

    Build here. Go anywhere.

    We serve the builders. The problem solvers who create careers with code.

    Join us if you’re a developer, software engineer, web designer, front-end designer, UX designer, computer scientist, architect, tester, product manager, project manager or team lead.

    Sign me up

    Red Hat legal and privacy links

    • About Red Hat
    • Jobs
    • Events
    • Locations
    • Contact Red Hat
    • Red Hat Blog
    • Inclusion at Red Hat
    • Cool Stuff Store
    • Red Hat Summit
    © 2025 Red Hat

    Red Hat legal and privacy links

    • Privacy statement
    • Terms of use
    • All policies and guidelines
    • Digital accessibility

    Report a website issue