Hello Hendrik,
> So it looks like the port forwarding done by
> podman always forwards the traffic as IPv4. Is that correct?

Yes, this is mostly correct; the rootlessport process forwards all traffic
to one IP address.
It uses the builtin port driver from the rootlesskit repo here:
https://github.com/rootless-containers/rootlesskit/tree/master/pkg/port/b...

Podman can specify which IP is used for that. In the past 127.0.0.1 was used,
but this caused security issues with some containers, see CVE-2021-20199
<https://nvd.nist.gov/vuln/detail/CVE-2021-20199>.
Now this logic is used to get the IP:
https://github.com/containers/podman/blob/8e88abda85f7bf44b6857ad5d62c8ef...
So when the container only has IPv6 addresses, it will use IPv6 to connect
to your service.

I think it is possible to support your use case; I recommend opening a
feature request for it on GitHub.

There is also the slirp4netns port forwarder, but this doesn't support IPv6
at all AFAIK, so it is not suitable for this use case.

Paul

On Wed, Jun 22, 2022 at 7:24 PM Hendrik Haddorp <hendrik.haddorp(a)gmx.net>
wrote:
> Hi,
>
> I created a container that contains a service that is only listening for
> tcp6 requests, so is IPv6 only. When starting the container rootless on
> Fedora 36 with podman 4.1.0 I'm unable to connect to my service. However,
> when I start my service to listen just for tcp4 requests I can connect
> to it using IPv4 and IPv6. So it looks like the port forwarding done by
> podman always forwards the traffic as IPv4. Is that correct? I could
> not find any documentation on that. The problem looks however a bit like
> https://github.com/containers/podman/issues/14491. That issue states
> that there is a proxy (rootlessport) running that does the forwarding.
> Are there more details available how this is done exactly?
>
> Ideally I would like to be able to start a service that uses just tcp4
> or tcp6 to only be accessible via tcp4 or tcp6. Podman should simply
> keep the protocol when forwarding traffic and not translate it.
>
> regards,
> Hendrik
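
The behaviour described in the reply above, a forwarder that sends every connection to one fixed child IP, can be reproduced on loopback with the following added Go example. It is not part of the thread and is not rootlessport or rootlesskit code: `relay` and `probe` are hypothetical names, the host-side socket is modelled with an in-memory pipe, and the banner services are constructed.

```go
package main

import (
	"fmt"
	"io"
	"net"
)

// relay connects one host-side connection to the single child address (assumed model).
func relay(c net.Conn, child string) {
	defer c.Close()
	up, err := net.Dial("tcp", child)
	if err != nil {
		return // nothing listens on that family; the client only sees a close
	}
	defer up.Close()
	go io.Copy(up, c)
	io.Copy(c, up)
}

// probe starts a banner service on svcNet/svcHost (loopback, constructed),
// relays one client to childIP on the same port, and reports if the banner arrived.
func probe(svcNet, svcHost, childIP string) (bool, error) {
	svc, err := net.Listen(svcNet, net.JoinHostPort(svcHost, "0"))
	if err != nil {
		return false, err // e.g. no IPv6 loopback on this machine
	}
	defer svc.Close()
	go func() {
		if c, err := svc.Accept(); err == nil {
			c.Write([]byte("ok"))
			c.Close()
		}
	}()
	port := fmt.Sprint(svc.Addr().(*net.TCPAddr).Port)
	client, hostSide := net.Pipe() // stands in for the host-side socket
	defer client.Close()
	go relay(hostSide, net.JoinHostPort(childIP, port))
	b, _ := io.ReadAll(client)
	return string(b) == "ok", nil
}

func main() {
	cases := [][3]string{{"tcp4", "127.0.0.1", "127.0.0.1"}, {"tcp6", "::1", "127.0.0.1"}, {"tcp6", "::1", "::1"}}
	for _, t := range cases {
		ok, err := probe(t[0], t[1], t[2])
		fmt.Println(t, "reachable:", ok, err)
	}
}
```

The tcp6-only service is reachable only when the forwarder's child IP is an IPv6 address, regardless of how the client reached the forwarder.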