PTL-11162

RHT2066520: User feedback: Podman network


      Please fill in the following information:


      URL: https://rol.redhat.com/rol/app/courses/do188-4.12/pages/ch02s03
      Reporter RHNID: saniyer
      Section title: Guided Exercise: Create Images with Containerfiles
      Language: en

      Issue description

      This bug is for both the text and the video content. In the coursebook "Red Hat OpenShift Container Platform 4.12 DO188 Red Hat OpenShift Development I: Introduction to Containers with Podman Edition 1 20230504 Publication date 20230504" we have the following excerpt, from which I understand that containers in different Podman networks cannot communicate with each other, because there is some isolation.

      ~~~~~
      However, you might need to create a new Podman network to better suit the increased communication needs of most applications. For example, the containers running an application API and database can use a separate Podman network to isolate their communication from other containers. Similarly, that same API container can use yet another network to isolate communication with a third container that hosts the application UI.
      ~~~~~

      However, when testing it, I can see that containers in different Podman networks can communicate with each other successfully.

      ~~~~
      $ uname -r; podman version
      5.14.0-362.8.1.el9_3.x86_64
      Client:       Podman Engine
      Version:      4.6.1
      API Version:  4.6.1
      Go Version:   go1.20.6
      Built:        Fri Aug 25 16:38:17 2023
      OS/Arch:      linux/amd64
      ~~~~

      ~~~~
      $ podman network ls
      NETWORK ID    NAME        DRIVER
      41b545d7e2f7  net-1       bridge
      a309dba49152  net-2       bridge
      2f259bab93aa  podman      bridge

      $ podman ps
      CONTAINER ID  IMAGE                                             COMMAND               CREATED       STATUS         PORTS                   NAMES
      1052bf912993  registry.access.redhat.com/ubi9/httpd-24:latest  /usr/bin/run-http...  21 hours ago  Up 37 minutes  0.0.0.0:8081->8080/tcp  apache1
      def8f9ec4a80  registry.access.redhat.com/ubi9/httpd-24:latest  /usr/bin/run-http...  21 hours ago  Up 37 minutes  0.0.0.0:8082->8080/tcp  apache2
      3dd1adde0c24  registry.access.redhat.com/ubi9/httpd-24:latest  /usr/bin/run-http...  18 hours ago  Up 37 minutes  0.0.0.0:8083->8080/tcp  apache3

      $ podman inspect apache1 | jq '.[].NetworkSettings.Networks."net-1" | "\(.IPAddress) \(.NetworkID)"'
      "10.89.0.2 net-1"

      $ podman inspect apache2 | jq '.[].NetworkSettings.Networks."net-2" | "\(.IPAddress) \(.NetworkID)"'
      "10.89.1.2 net-2"

      $ podman exec -it apache1 curl -s --head http://10.89.1.2:8080
      HTTP/1.1 200 OK
      Date: Wed, 29 Nov 2023 06:56:33 GMT
      Server: Apache/2.4.57 (Red Hat Enterprise Linux) OpenSSL/3.0.7
      Last-Modified: Wed, 29 Nov 2023 06:55:45 GMT
      ETag: "1a-60b45064006d0"
      Accept-Ranges: bytes
      Content-Length: 26
      Content-Type: text/html; charset=UTF-8

      $ podman exec -it apache2 curl -s --head http://10.89.0.2:8080
      HTTP/1.1 200 OK
      Date: Wed, 29 Nov 2023 06:56:50 GMT
      Server: Apache/2.4.57 (Red Hat Enterprise Linux) OpenSSL/3.0.7
      Last-Modified: Wed, 29 Nov 2023 06:55:22 GMT
      ETag: "1a-60b4504de046f"
      Accept-Ranges: bytes
      Content-Length: 26
      Content-Type: text/html; charset=UTF-8
      ~~~~

      In the video content we can see the curl from web1 -> web2 fail, both by name resolution and by IP address. This is because when a non-root user (student in this case) starts a container without the '--net' option, the network is set up by slirp4netns by default. slirp4netns creates a tunnel from the host into the container to forward traffic and provides a non-routable IP address.

      ~~~~~
      $ id
      uid=1000(tom) gid=1000(tom) groups=1000(tom) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

      $ podman run -dt --name web-nonroot2 -p 8089:80 quay.io/libpod/banner

      $ podman inspect web-nonroot | jq '.[].NetworkSettings'
      {
        "EndpointID": "",
        "Gateway": "",
        "IPAddress": "",
        "IPPrefixLen": 0,
        "IPv6Gateway": "",
        "GlobalIPv6Address": "",
        "GlobalIPv6PrefixLen": 0,
        "MacAddress": "",
        "Bridge": "",
        "SandboxID": "",
        "HairpinMode": false,
        "LinkLocalIPv6Address": "",
        "LinkLocalIPv6PrefixLen": 0,
        "Ports": {
          "80/tcp": [
            {
              "HostIp": "",
              "HostPort": "8084"
            }
          ]
        },
        "SandboxKey": "/run/user/1000/netns/netns-a7b5ed12-7681-a951-ea64-5354eafc0c59"
      }
      ~~~~~

      Steps to reproduce:

       

      Workaround:

       

      Expected result:

      Attachments:
        1. image-2024-01-05-12-52-24-477.png (62 kB, Jaime Yague)
        2. image-2024-01-05-12-54-54-270.png (45 kB, Jaime Yague)
        3. image-2024-01-05-13-01-21-527.png (78 kB, Jaime Yague)
        4. image-2024-01-09-10-34-03-841.png (118 kB, Jaime Yague)
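The report above checks cross-network reachability by hand (two `podman inspect | jq` calls, then `podman exec ... curl`). The script below is an added example, not part of the reporter's feedback or of the DO188 course material: it reads the JSON that `podman inspect <ctr>...` prints (the same `NetworkSettings` fields quoted in the report), classifies how each container is attached (bridge network with an address, or the rootless user-mode case with no address and a netns under `/run/user/`), builds every cross-network `podman exec <src> curl` probe, and reports which pairs answered. The container names, addresses, network IDs and sandbox paths in `SAMPLE_INSPECT` are a constructed sample modelled on the report, not live output; the script assumes `curl` exists inside the source container, as it does in the `ubi9/httpd-24` image the report uses.

```python
"""Check whether containers on different Podman bridge networks can reach
each other, driven by `podman inspect` output.

Added example (not from the original report or the DO188 course). The
sample data below is constructed to mirror the report's inspect output.
"""
import json
import subprocess
import sys

# Constructed sample: two rootful containers on separate bridge networks and
# one rootless container with the empty NetworkSettings the report shows.
SAMPLE_INSPECT = json.dumps([
    {"Name": "apache1",
     "NetworkSettings": {
         "Networks": {"net-1": {"NetworkID": "net-1", "IPAddress": "10.89.0.2"}},
         "Ports": {"8080/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8081"}]},
         "SandboxKey": "/run/netns/netns-aaaa"}},
    {"Name": "apache2",
     "NetworkSettings": {
         "Networks": {"net-2": {"NetworkID": "net-2", "IPAddress": "10.89.1.2"}},
         "Ports": {"8080/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8082"}]},
         "SandboxKey": "/run/netns/netns-bbbb"}},
    {"Name": "web-nonroot",          # rootless: no Networks key, no address
     "NetworkSettings": {
         "IPAddress": "",
         "Ports": {"80/tcp": [{"HostIp": "", "HostPort": "8084"}]},
         "SandboxKey": "/run/user/1000/netns/netns-cccc"}},
])


def attachments(inspect_json):
    """Map container name -> {"mode", "addrs" {network: ip}, "port"}."""
    out = {}
    for ctr in json.loads(inspect_json):
        ns = ctr["NetworkSettings"]
        addrs = {net: cfg["IPAddress"]
                 for net, cfg in (ns.get("Networks") or {}).items()
                 if cfg.get("IPAddress")}
        if addrs:
            mode = "bridge"
        elif ns.get("SandboxKey", "").startswith("/run/user/"):
            # Rootless default: netns under the user's runtime dir and no
            # address, i.e. user-mode networking (slirp4netns in Podman 4).
            mode = "rootless-usermode"
        else:
            mode = "no-address"
        # First published container port, e.g. "8080" from "8080/tcp".
        ports = [p.split("/")[0] for p in (ns.get("Ports") or {})]
        out[ctr["Name"]] = {"mode": mode, "addrs": addrs,
                            "port": ports[0] if ports else None}
    return out


def probe_plan(attach):
    """Ordered (src, dst) pairs of bridge containers where dst sits on a
    network src is NOT attached to, each with the curl probe to run inside
    src. Same-network pairs are skipped: they are reachable by design."""
    plan = []
    for src, s in attach.items():
        if s["mode"] != "bridge":
            continue
        for dst, d in attach.items():
            if dst == src or d["mode"] != "bridge" or d["port"] is None:
                continue
            for net, ip in d["addrs"].items():
                if net in s["addrs"]:
                    continue
                plan.append({
                    "src": src, "dst": dst, "dst_net": net,
                    # -w prints the HTTP status; curl prints 000 when it
                    # could not connect, which is the "isolated" outcome.
                    "cmd": ["podman", "exec", src, "curl", "-s", "-m", "3",
                            "-o", "/dev/null", "-w", "%{http_code}",
                            f"http://{ip}:{d['port']}/"]})
    return plan


def run_probe(cmd):
    """Run one probe; "000" = no connection, "n/a" = podman not runnable."""
    try:
        r = subprocess.run(cmd, capture_output=True, text=True, timeout=15)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return "n/a"
    return r.stdout.strip() or "000"


def cross_network_reachable(plan, statuses):
    """Pair each probe with its status; return the cross-network pairs that
    answered with a real HTTP status. Empty list = networks were isolated."""
    return [(p["src"], p["dst"], p["dst_net"], code)
            for p, code in zip(plan, statuses)
            if code.isdigit() and code != "000"]


if __name__ == "__main__":
    # Usage: podman inspect apache1 apache2 | python3 check_isolation.py
    data = SAMPLE_INSPECT if sys.stdin.isatty() else sys.stdin.read()
    attach = attachments(data)
    for name, a in attach.items():
        print(f"{name}: {a['mode']} {a['addrs']}")
    plan = probe_plan(attach)
    reached = cross_network_reachable(plan, [run_probe(p["cmd"]) for p in plan])
    for src, dst, net, code in reached:
        print(f"{src} reached {dst} on {net} (HTTP {code}): not isolated")
    if not reached:
        print("no cross-network reachability observed (or nothing to probe)")
```

Run it as `podman inspect apache1 apache2 apache3 | python3 check_isolation.py`; the two HTTP 200 answers in the report correspond to a non-empty result from `cross_network_reachable`. Rootless containers with an empty address are left out of the plan, because there is no routable address to probe, which is the slirp4netns case the report describes. Note that a Podman bridge network does not block traffic to other networks unless the network was created with the netavark-only option `--opt isolate=true`; against such networks every probe should return `000`.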
