I'd like to use containers for services that overlap in the ports they
use. For example, I'd like to run FreeIPA and also a caching DNS
server. (Or FreeIPA with Windows auth and Samba, which both use 137-139.)
My preferred setup for this is bridged networking without NAT, and I've
got that set up. I manually configured a bridge device with the
Ethernet interface as a member, and I've configured a CNI network with
"host-local" IPAM. I can create containers attached to that network,
and they'll get an address that's on the host's network. Clients can
connect to them. All of that is working as expected.
However, especially in the case of running a DNS server, I'd really like
to have a fixed address for the container, and I don't see a way to do
that (other than creating another network definition with "static" IPAM,
which would require a network definition for every container with a
fixed address). The documentation for podman-run says that --ip can't
be used when a container is joined to an "additional" network, and I
don't understand that. The container is only connected to one network,
as indicated by the output of "podman inspect".
So, to the question in the subject, why is --ip only allowed on the
default network? Is there any other mechanism for assigning a fixed IP
address to a container that's on a user-defined network?
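The setup described above (a bridge with the Ethernet interface as a member, a CNI network using "host-local" IPAM, no NAT) and the alternative the message mentions (a per-container network definition with "static" IPAM) can both be generated from one helper. The script below is an added example, not code from the thread or from the podman project; it assumes the CNI "static" IPAM plugin binary is installed next to the other CNI plugins, that the bridge is named br0 and that the LAN is 192.168.1.0/24 (constructed values). The check it performs is the one worth getting right when mixing the two: a pinned address must lie inside the subnet and outside the range host-local may hand out, otherwise two containers can end up claiming the same address on the shared segment.

```python
import ipaddress
import json


def check_static_ip(subnet, gateway, range_start, range_end, static_ip):
    """Return (ok, reason). A pinned address must sit inside the subnet and
    outside everything host-local may allocate, or two containers on the
    shared LAN segment can collide."""
    net = ipaddress.ip_network(subnet, strict=False)
    ip = ipaddress.ip_address(static_ip)
    lo, hi = ipaddress.ip_address(range_start), ipaddress.ip_address(range_end)
    if ip not in net:
        return False, f"{ip} is not inside {net}"
    if ip in (net.network_address, net.broadcast_address, ipaddress.ip_address(gateway)):
        return False, f"{ip} is reserved (network, broadcast or gateway address)"
    if lo <= ip <= hi:
        return False, f"{ip} collides with the host-local range {lo}-{hi}"
    return True, "ok"


def build_conflist(name, bridge, subnet, gateway, range_start, range_end, static_ip=None):
    """Bridge network without NAT (ipMasq false; isGateway false because the LAN
    router, not the host, is the gateway). Without static_ip, host-local IPAM
    allocates from range_start..range_end; with static_ip, the CNI "static"
    IPAM plugin pins the container to that one address."""
    net = ipaddress.ip_network(subnet, strict=False)
    if static_ip is None:
        ipam = {
            "type": "host-local",
            "ranges": [[{"subnet": str(net), "rangeStart": range_start,
                         "rangeEnd": range_end, "gateway": gateway}]],
            "routes": [{"dst": "0.0.0.0/0"}],
        }
    else:
        ok, reason = check_static_ip(subnet, gateway, range_start, range_end, static_ip)
        if not ok:
            raise ValueError(reason)
        ipam = {
            "type": "static",
            "addresses": [{"address": f"{static_ip}/{net.prefixlen}", "gateway": gateway}],
            "routes": [{"dst": "0.0.0.0/0"}],
        }
    return {
        "cniVersion": "0.4.0",
        "name": name,
        "plugins": [{
            "type": "bridge",
            "bridge": bridge,
            "isGateway": False,
            "ipMasq": False,
            "hairpinMode": True,
            "ipam": ipam,
        }],
    }


def render_conflist(conf):
    """Serialize for writing to the CNI config directory (e.g. /etc/cni/net.d)."""
    return json.dumps(conf, indent=2)


if __name__ == "__main__":
    # Constructed example: host-local hands out .100-.199 on the LAN, while the
    # DNS container is pinned to .53, which lies outside that range.
    lan = build_conflist("lan", "br0", "192.168.1.0/24", "192.168.1.1",
                         "192.168.1.100", "192.168.1.199")
    dns = build_conflist("lan-dns", "br0", "192.168.1.0/24", "192.168.1.1",
                         "192.168.1.100", "192.168.1.199", static_ip="192.168.1.53")
    print(render_conflist(lan))
    print(render_conflist(dns))
```

Each conflist is written to its own file under the CNI config directory and selected with `--network <name>` at run time; the one-network-per-fixed-address cost the message describes remains, but the collision check keeps the static and dynamic allocations from overlapping.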
On 5/8/20 09:18, Navdeep Uniyal wrote:
> Hi guys,
> I am seeing a behavior:
> When I run a container without root, I can reach the exposed ports
> from outside the host machine. But, when I run the same container
> using root access, I can't reach the port from outside. Is this an
> expected behavior? If yes, please help me how I can access the ports
> outside host while running using root access:
> I am using following command:
> podman run -dit -p=8000:8000 --privileged --name coa apache:latest
> Kind Regards,
> Podman mailing list -- podman(a)lists.podman.io
> To unsubscribe send an email to podman-leave(a)lists.podman.io
I would expect them to behave the same, and in neither case be
accessible from outside of the machine.
We believe that modifications of the firewall rules should be done by
the admin and not be done by podman for external access to ports.
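A quick way to tell which side of the reply's point applies on a given host, added here as an example and not part of the thread: with root, podman publishes a port through iptables DNAT rules that the CNI portmap plugin installs, so `iptables -t nat -S` shows whether podman did its part; if the DNAT rule is there and outside clients still cannot connect, what remains is the host firewall's own filter policy, which, as the reply says, is the admin's to open. The parser below runs over constructed sample output (chain suffix, container address and port are made up in the style the portmap plugin uses). Note that publishing 8000:8000 needs neither root nor `--privileged`, so the flag in the original command can be dropped without affecting the port mapping.

```python
import re

# Constructed sample of `iptables -t nat -S` on a host running a rootful
# container with -p 8000:8000; not captured from a real machine.
SAMPLE_NAT_RULES = """\
-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N CNI-DN-0123456789abcdef0
-N CNI-HOSTPORT-DNAT
-N CNI-HOSTPORT-MASQ
-N CNI-HOSTPORT-SETMARK
-A PREROUTING -m addrtype --dst-type LOCAL -j CNI-HOSTPORT-DNAT
-A OUTPUT -m addrtype --dst-type LOCAL -j CNI-HOSTPORT-DNAT
-A CNI-DN-0123456789abcdef0 -s 10.88.0.0/16 -p tcp -m tcp --dport 8000 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-0123456789abcdef0 -s 127.0.0.1/32 -p tcp -m tcp --dport 8000 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-0123456789abcdef0 -p tcp -m tcp --dport 8000 -j DNAT --to-destination 10.88.0.2:8000
-A CNI-HOSTPORT-DNAT -p tcp -m multiport --dports 8000 -j CNI-DN-0123456789abcdef0
"""

# One DNAT rule per line: chain, protocol, host port, container destination.
DNAT_RE = re.compile(
    r"^-A (?P<chain>\S+) .*?-p (?P<proto>tcp|udp) .*?--dport (?P<port>\d+) "
    r".*?-j DNAT --to-destination (?P<dst>\S+)$"
)


def published_ports(nat_rules):
    """Map (proto, host_port) -> container destination for every DNAT rule."""
    found = {}
    for line in nat_rules.splitlines():
        m = DNAT_RE.match(line.strip())
        if m:
            found[(m["proto"], int(m["port"]))] = m["dst"]
    return found


def explain(nat_rules, port, proto="tcp"):
    """Say whether podman published the port (DNAT present) or not."""
    dst = published_ports(nat_rules).get((proto, port))
    if dst is None:
        return f"no DNAT rule for {proto}/{port}: podman has not published this port"
    return (f"{proto}/{port} is DNATed to {dst}; if outside clients still cannot "
            f"connect, the host firewall's filter rules are what blocks them")


if __name__ == "__main__":
    # On a real host: import subprocess and feed in the output of
    # ["iptables", "-t", "nat", "-S"] instead of the constructed sample.
    print(explain(SAMPLE_NAT_RULES, 8000))
    print(explain(SAMPLE_NAT_RULES, 9000))
```

In rootless mode there are no such rules: the port is bound on the host by podman's user-space forwarder and shows up as an ordinary listening socket, so the same check is simply whether a listener on the port exists.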
I am seeing a behavior:
When I run a container without root, I can reach the exposed ports from outside the host machine. But, when I run the same container using root access, I can't reach the port from outside. Is this an expected behavior? If yes, please help me how I can access the ports outside the host while running using root access:
I am using following command:
podman run -dit -p=8000:8000 --privileged --name coa apache:latest
Same for me on Fedora 31. Authentication via podman doesn't work for
container-registry.oracle.com. With docker, it works via sudo only. Without
sudo I get
"open /etc/docker/certs.d/container-registry.oracle.com: permission denied"