Gerben,
I "think" we figured out the problem. A bunch of us on the podman team started hacking on it (thanks to Matt, Nalin, Matt, Brent, etc.). I think we have a workaround for now. We're still determining the longer-term solution. I commented on the Stack Overflow question, but copying here for ease:

=========================================================================================
I just tried this on RHEL 8 and I was able to reproduce this issue. We also figured out the issue (I think). Try the following:

sudo sysctl -w net.ipv4.ping_group_range="0 2147483647"

You might be being limited by the group range and /etc/subuid /etc/subgid:

https://man7.org/linux/man-pages/man7/icmp.7.html

I'm not sure what the long-term solution is yet, but if this works, you can likely fix it with sysctl for now.

=========================================================================================

Best Regards
Scott M

On Wed, Oct 20, 2021 at 2:12 PM Gerben Venekamp <venekamp@gmail.com> wrote:
I am trying to set up networking in rootless containers. What I would like to have is both internal, i.e. container to container, and external, e.g. ping 8.8.8.8, inside a single container. I get internal working as well as external, however never both at the same time within a single container. I have raised this question on Stack Overflow as well. The question on Stack Overflow can be found at: https://stackoverflow.com/questions/69636101/how-to-setup-internal-and-external-networking-for-rootless-containers-with-podma

Regards,
Gerben


--
Scott McCarty
Product Management - Containers, Red Hat Enterprise Linux & OpenShift
Email: smccarty@redhat.com
Phone: 312-660-3535
Cell: 330-807-1043
Web: http://crunchtools.com
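
Added example, not part of the original thread: a shell check that compares a user's /etc/subgid entries with a ping_group_range value, the two settings the reply above suggests may be interacting. The user names and GID ranges are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data is constructed.

# covered LOW HIGH START COUNT
# Succeeds when GIDs START..START+COUNT-1 all lie inside LOW..HIGH.
# The kernel default "1 0" is an empty range, so nothing is covered.
covered() {
    [ "$4" -gt 0 ] && [ "$3" -ge "$1" ] && [ $(( $3 + $4 - 1 )) -le "$2" ]
}

# check_user USER LOW HIGH SUBGID_TEXT
# Prints "ok A-B" or "outside A-B" for each /etc/subgid entry
# (format name:start:count) that belongs to USER.
check_user() {
    cu_user=$1 cu_low=$2 cu_high=$3
    printf '%s\n' "$4" | while IFS=: read -r name start count; do
        [ "$name" = "$cu_user" ] || continue
        end=$(( $start + $count - 1 ))
        if covered "$cu_low" "$cu_high" "$start" "$count"; then
            echo "ok $start-$end"
        else
            echo "outside $start-$end"
        fi
    done
}

# Constructed /etc/subgid content for two hypothetical users.
SAMPLE_SUBGID='alice:100000:65536
bob:165536:65536'

echo "range 1 0 (kernel default):"
check_user alice 1 0 "$SAMPLE_SUBGID"
echo "range 0 2147483647 (workaround from the reply):"
check_user alice 0 2147483647 "$SAMPLE_SUBGID"

# Against a live host (the sysctl file holds "LOW<TAB>HIGH", split on purpose):
#   check_user "$USER" $(cat /proc/sys/net/ipv4/ping_group_range) "$(cat /etc/subgid)"
```

icmp(7) describes ping_group_range as the range of groups allowed to create ICMP Echo sockets, so a value of "0 2147483647" admits every group on the host.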