Thank you very much for your work!

Is it possible to define the outbound ipv6 address for a network / container?

The inbound definition works fine, but if my container connects to a remote host, it seems the first ipv6 address found is used to create the connection.
This is unfortunate, because in case of a mail server, the sending ip might not get validated by a SPF record.

This is solveable by adjusting the SPF record (permitting all assigned ipv6 addresses or the whole subnet), but it would be nice to have control over which ip address is used for outgoing traffic.

I think this is the way it works by default. Depending on your default route, you usually have 1 IP which is used for outgoing traffic.

In my setup, I have only 1 IPv4 and 1 IPv6 address, which is why I use IPv6 NAT. I'm therefore not sure how Docker handles it with multiple IPv4 addresses, but I would think it works the same (Docker just creates the necessary iptables rules, which is what ipv6nat also does for ip6tables).

Thank you for your reply. I understand, that this is no ipv6nat issue.

This is the corresponding docker feature request: moby/moby#30053

There is a way to solve it, if one creates his own iptables rules, but yet there is no configuration setting to have docker handle it automatically.

Thanks for the info! I've just subscribed to the issue.

I'd like to mirror docker as much as possible, so if this ever gets Docker support, I will look into getting it into ipv6nat.