Hi Daniel,

Thank you for your response. I have raised a bug on GitHub to address this.
https://github.com/containers/libpod/issues/6139

The firewall is not blocking any connections to the port and still I am facing this issue.

Chain INPUT (policy ACCEPT 109 packets, 6700 bytes)
pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8000

Chain FORWARD (policy DROP 15 packets, 780 bytes)
pkts bytes target     prot opt in     out     source               destination
   30  1560 CNI-FORWARD  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* CNI firewall plugin rules */
   30  1560 DOCKER-USER  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   30  1560 DOCKER-ISOLATION-STAGE-1  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 70 packets, 5720 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain CNI-ADMIN (1 references)
pkts bytes target     prot opt in     out     source               destination

Chain CNI-FORWARD (1 references)
pkts bytes target     prot opt in     out     source               destination
   30  1560 CNI-ADMIN  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* CNI firewall plugin rules */
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            10.88.0.12           ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       10.88.0.12           0.0.0.0/0

Chain DOCKER (1 references)
pkts bytes target     prot opt in     out     source               destination

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
   30  1560 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-USER (1 references)
pkts bytes target     prot opt in     out     source               destination
   30  1560 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Kind Regards,

Navdeep

From: Daniel Walsh <dwalsh@redhat.com>
Sent: 08 May 2020 14:41
To: podman@lists.podman.io
Subject: [Podman] Re: Can't access ports outside host machine

On 5/8/20 09:18, Navdeep Uniyal wrote:

Hi guys,


I am seeing a behavior:
When I run a container without root, I can reach the exposed ports from outside the host machine. But when I run the same container using root access, I can't reach the port from outside. Is this an expected behavior? If yes, please help me with how I can access the ports outside the host while running using root access.
I am using the following command:

podman run -dit -p=8000:8000 --privileged --name coa apache:latest


Kind Regards,

Navdeep



_______________________________________________
Podman mailing list -- podman@lists.podman.io
To unsubscribe send an email to podman-leave@lists.podman.io

I would expect them to behave the same, and in neither case be accessible from outside of the machine.

We believe that modifications of the firewall rules should be done by the admin and not be done by podman for external access to ports.