On 05/02/2022 09:30, lejeczek via Podman wrote:
On 02/02/2022 14:18, Daniel Walsh wrote:
> On 2/2/22 06:55, lejeczek via Podman wrote:
>> Hi guys.
>>
>> If I remember correctly, both rootful & rootless containers could
>> talk (cni net) to localhost, which was the host itself - was that
>> removed recently, or does my memory fail me and that never worked? (if so
>> then why?)
>>
>> many thanks, L
>
> Not sure what you mean by your question, but nothing has been removed.
>
>
> podman run --net=host ...
>
>
> Will allow the local network interfaces into the container.
What I remember - or think I do - worked was a rootless (perhaps only
rootful?) container created - without specifying network and with only
one, default network in the system - was able to "talk" to the host
with '127.0.0.1'.
I remember I had wordpress, nextcloud which I told to connect to
database on 127.0.0.1 and that was MySQL running on the _host_.
With '--net=host' port mapping is lost I understand, right?
Presently having one, default network in the rootless system, so:
[
  {
    "cniVersion": "0.4.0",
    "name": "podman",
    "plugins": [
      {
        "bridge": "cni-podman0",
        "hairpinMode": true,
        "ipMasq": true,
        "ipam": {
          "ranges": [
            [
              {
                "gateway": "10.88.0.1",
                "subnet": "10.88.0.0/16"
              }
            ]
          ],
          "routes": [
            {
              "dst": "0.0.0.0/0"
            }
          ],
          "type": "host-local"
        },
        "isGateway": true,
        "type": "bridge"
      },
      ...
and instantiating a container with or without specifying network does
not seem to work, no 'cni-podman0' gets created, but this does work
for rootful.
I remember thinking: that was cool, to have a container able to
communicate with host 127.0.0.1, best possible performance, right?
So currently if I want to have rootless container talk to 10.88.0.1 I
first have to have something rootful up & running.
many thanks, L
But - if anybody wonders the same about 'localhost' - similarly easy, and
perhaps offering better security than '127.0.0.1' - if that 'localhost'
worked - is to set up a 'dummy' iface on the host, perhaps for
containers only.
thanks, L.