Hi lejeczek, Are your trying to access a process listening on localhost from outside with configured iptables / nftables PREROUTING? That works / doesn't work on different distributions since they have different default configuration for net.ipv4.conf.ens3.route_localnet. More info: https://superuser.com/questions/661772/iptables-redirect-to-localhost Kind regards, Rudolf Vesely ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Wednesday, February 2nd, 2022 at 2:18 PM, Daniel Walsh <dwalsh(a)redhat.com&gt; wrote: > On 2/2/22 06:55, lejeczek via Podman wrote: > > > Hi guys. > > > > If I remember correctly both root full & less containers could > > > > talk(cni net) to localhost which was the host itself - was the removed > > > > recently or my memory fails me and that never worked? (if so then why?) > > > > many thanks, L > > > > Podman mailing list -- podman(a)lists.podman.io > > > > To unsubscribe send an email to podman-leave(a)lists.podman.io > > Not sure what you mean by your question, but nothing has been removed. > > podman run --net=host ... > > Will allow the local network interfaces into the container. > > Podman mailing list -- podman(a)lists.podman.io > > To unsubscribe send an email to podman-leave(a)lists.podman.io

On 02/02/2022 14:18, Daniel Walsh wrote: What I remember - or think I do - worked was rootless(perhaps only rootful?) container created - without specifying network and with only one, default network in the system - was able to "talk" to the host with '127.0.0.1' I remember I had wordpress, nextcloud which I told to connect to database on 127.0.0.1 and that was MySQL running on the _host_. With '--net=host' port mapping is lost I understand, right? Presently having one, default network in the rootless system, so: [     {         "cniVersion": "0.4.0",         "name": "podman",         "plugins": [             {                 "bridge": "cni-podman0",                 "hairpinMode": true,                 "ipMasq": true,                 "ipam": {                     "ranges": [                         [                             {                                 "gateway": "10.88.0.1",                                 "subnet": "10.88.0.0/16"                             }                         ]                     ],                     "routes": [                         {                             "dst": "0.0.0.0/0"                         }                     ],                     "type": "host-local"                 },                 "isGateway": true,                 "type": "bridge"             }, ... and instantiating a container with or without specifying network does not seem to work, no 'cni-podman0' gets created, but this does work for rootful. I remember thinking: that was cool, to have a container able to communicate with host 127.0.0.1, best possible performance, right? So currently if I want to have rootless container talk to 10.88.0.1 I first have to have something rootful up & running. many thanks, L

Hi Lejeczek, You can try to rule out localhost issues by: sudo ip link add mytest1 type dummy sudo ip link set mytest1 up sudo ip address add 10.20.30.40/32 dev mytest1 Run as normal user a rootless container: podman run -d -p 10.20.30.40:1234:80 docker.io/library/nginx And then: curl http://10.20.30.40:1234 (worked on my PC) Kind regards, Rudolf Vesely ------- Original Message ------- On Monday, February 7th, 2022 at 8:31 AM, lejeczek via Podman <podman(a)lists.podman.io&gt; wrote: > On 05/02/2022 09:30, lejeczek via Podman wrote: > > > On 02/02/2022 14:18, Daniel Walsh wrote: > > > > > On 2/2/22 06:55, lejeczek via Podman wrote: > > > > > > > Hi guys. > > > > > > > > If I remember correctly both root full & less containers could > > > > > > > > talk(cni net) to localhost which was the host itself - was the > > > > > > > > removed recently or my memory fails me and that never worked? (if so > > > > > > > > then why?) > > > > > > > > many thanks, L > > > > > > > > Podman mailing list -- podman(a)lists.podman.io > > > > > > > > To unsubscribe send an email to podman-leave(a)lists.podman.io > > > > > > Not sure what you mean by your question, but nothing has been removed. > > > > > > podman run --net=host ... > > > > > > Will allow the local network interfaces into the container. > > > > > > What I remember - or think I do - worked was rootless(perhaps only > > > > > > rootful?) container created - without specifying network and with only > > > > > > one, default network in the system - was able to "talk" to the host > > > > > > with '127.0.0.1' > > > > I remember I had wordpress, nextcloud which I told to connect to > > > > database on 127.0.0.1 and that was MySQL running on the host. > > > > With '--net=host' port mapping is lost I understand, right? > > > > Presently having one, default network in the rootless system, so: > > > > [ > > > > { > > > > "cniVersion": "0.4.0", > > > > "name": "podman", > > > > "plugins": [ > > > > { > > > > "bridge": "cni-podman0", > > > > "hairpinMode": true, > > > > "ipMasq": true, > > > > "ipam": { > > > > "ranges": [ > > > > [ > > > > { > > > > "gateway": "10.88.0.1", > > > > "subnet": "10.88.0.0/16" > > > > } > > > > ] > > > > ], > > > > "routes": [ > > > > { > > > > "dst": "0.0.0.0/0" > > > > } > > > > ], > > > > "type": "host-local" > > > > }, > > > > "isGateway": true, > > > > "type": "bridge" > > > > }, > > > > ... > > > > and instantiating a container with or without specifying network does > > > > not seem to work, no 'cni-podman0' gets created, but this does work > > > > for rootful. > > > > I remember thinking: that was cool, to have a container able to > > > > communicate with host 127.0.0.1, best possible performance, right? > > > > So currently if I want to have rootless container talk to 10.88.0.1 I > > > > first have to have something rootful up & running. > > > > many thanks, L > > But - if anybody wonders the same about 'localhost' - similarly easy and > > perhaps offers better than '127.0.0.1''s security - if that 'localhost' > > worked - is to set up a 'dummy' iface on the host, perhaps for > > containers only. > > thanks, L. > > Podman mailing list -- podman(a)lists.podman.io > > To unsubscribe send an email to podman-leave(a)lists.podman.io