Hello.
We are running our application in rootless podman.
After a random amount of time (anywhere from a couple of hours to a couple of
weeks), we lose network connectivity into the container.
Everything seems to work fine from inside the container to the rest of the
world (yum/dnf, ping, curl), but it looks like the routing stops working
when someone connects from the outside.
I set up a netcat listener (nc -lv) and connected to it on localhost (worked
fine) and on the tap interface (long delays, if the packet returned at all). I
also ran tcpdump in a third screen – output below.
bash-4.4$ podman --version
podman version 4.2.0
bash-4.4$ uname -a
Linux podman-container 5.4.17-2136.315.5.el8uek.x86_64 #2 SMP Wed Dec 21
19:38:18 PST 2022 x86_64 x86_64 x86_64 GNU/Linux
bash-4.4$ cat /etc/os-release
NAME="Oracle Linux Server"
VERSION="8.7"
ID="ol"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="8.7"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Oracle Linux Server 8.7"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:oracle:linux:8:7:server"
HOME_URL="https://linux.oracle.com/"
BUG_REPORT_URL="https://bugzilla.oracle.com/"
ORACLE_BUGZILLA_PRODUCT="Oracle Linux 8"
ORACLE_BUGZILLA_PRODUCT_VERSION=8.7
ORACLE_SUPPORT_PRODUCT="Oracle Linux"
ORACLE_SUPPORT_PRODUCT_VERSION=8.7
# Testing communication using 'localhost' inside the container - works as
expected
[root@NC-Test_podman-container /]# nc -lv 10370
Listening on 0.0.0.0 10370
Connection received on localhost 47218
ping from server
ping from client
[root@NC-Test_podman-container /]# nc -v localhost 10370
nc: connect to localhost (::1) port 10370 (tcp) failed: Connection refused
Connection to localhost (127.0.0.1) 10370 port [tcp/*] succeeded!
ping from server
ping from client
# Testing communication using the hostname - "some" packets arrive, but only
after a random delay of about 30-600 seconds
[root@NC-Test_podman-container /]# nc -lv 10370
Listening on 0.0.0.0 10370
server
Connection received on podman-container 59258
client
[root@NC-Test_podman-container /]# nc -v podman-container 10370
Connection to podman-container (10.11.12.102) 10370 port [tcp/*] succeeded!
client
server
[root@NC-Test_podman-container base_domain]# tcpdump -vv -X host
podman-container and port 10370
dropped privs to tcpdump
tcpdump: listening on tap0, link-type EN10MB (Ethernet), capture size
262144 bytes
12:41:49.080602 IP (tos 0x0, ttl 64, id 61404, offset 0, flags [DF], proto
TCP (6), length 47)
podman-container.56372 > podman-container-oob.10370: Flags [P.], cksum
0xdb21 (correct), seq 2129174302:2129174309, ack 1071210498, win 65480,
length 7
0x0000: 4500 002f efdc 4000 4006 7df1 0a00 0264 E../..@.@.}....d
0x0010: 0a31 b666 dc34 2882 7ee8 9f1e 3fd9 6002 .1.f.4(.~...?.`.
0x0020: 5018 ffc8 db21 0000 636c 6965 6e74 0a P....!..client.
12:41:49.080783 IP (tos 0x0, ttl 64, id 48821, offset 0, flags [none],
proto TCP (6), length 40)
podman-container-oob.10370 > podman-container.56372: Flags [.], cksum
0x2039 (correct), seq 1, ack 7, win 65535, length 0
0x0000: 4500 0028 beb5 0000 4006 ef1f 0a31 b666 E..(....@....1.f
0x0010: 0a00 0264 2882 dc34 3fd9 6002 7ee8 9f25 ...d(..4?.`.~..%
0x0020: 5010 ffff 2039 0000 P....9..
12:42:28.673431 IP (tos 0x0, ttl 64, id 49091, offset 0, flags [none],
proto TCP (6), length 40)
podman-container-oob.10370 > podman-container.51394: Flags [F.], cksum
0xf92e (correct), seq 946730519, ack 2284994989, win 65535, length 0
0x0000: 4500 0028 bfc3 0000 4006 ee11 0a31 b666 E..(....@....1.f
0x0010: 0a00 0264 2882 c8c2 386d f617 8832 41ad ...d(...8m...2A.
0x0020: 5011 ffff f92e 0000 P.......
12:42:28.673436 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP
(6), length 40)
podman-container.51394 > podman-container-oob.10370: Flags [R], cksum
0x27c1 (correct), seq 2284994989, win 0, length 0
0x0000: 4500 0028 0000 4000 4006 6dd5 0a00 0264 E..(..@.@.m....d
0x0010: 0a31 b666 c8c2 2882 8832 41ad 0000 0000 .1.f..(..2A.....
0x0020: 5004 0000 27c1 0000 P...'...
12:44:28.693154 IP (tos 0x0, ttl 64, id 49943, offset 0, flags [none],
proto TCP (6), length 47)
podman-container-oob.10370 > podman-container.56372: Flags [P.], cksum
0xcadb (correct), seq 1:8, ack 7, win 65535, length 7
0x0000: 4500 002f c317 0000 4006 eab6 0a31 b666 E../....@....1.f
0x0010: 0a00 0264 2882 dc34 3fd9 6002 7ee8 9f25 ...d(..4?.`.~..%
0x0020: 5018 ffff cadb 0000 7365 7276 6572 0a P.......server.
12:44:28.693174 IP (tos 0x0, ttl 64, id 61405, offset 0, flags [DF], proto
TCP (6), length 40)
podman-container.56372 > podman-container-oob.10370: Flags [.], cksum
0x2070 (correct), seq 7, ack 8, win 65473, length 0
0x0000: 4500 0028 efdd 4000 4006 7df7 0a00 0264 E..(..@.@.}....d
0x0010: 0a31 b666 dc34 2882 7ee8 9f25 3fd9 6009 .1.f.4(.~..%?.`.
0x0020: 5010 ffc1 2070 0000 P....p..
Kind regards
//Henrik