Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-110959

[passt][pasta] inside a rootless container can't access the host's port

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • rhel-9.7
    • passt
    • None
    • No
    • None
    • rhel-virt-networking-passt-pasta
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      What were you trying to do that didn't work?

      when rootlessNetworkCmd is pasta, inside a rootless container, we can't access the host's port, while we set rootlessNetworkCmd is slirp4netns, there is no issue, we can access host's port successfully.

      What is the impact of this issue to you?

      Please provide the package NVR for which the bug is seen:

      passt-0^20250512.g8ec1341-2.el9.x86_64

      podman-5.6.1-0.1.el9.x86_64

       

      How reproducible is this bug?:

      Steps to reproduce

      [test@beaver-14 system]$ podman info | grep rootlessNetworkCmd
        rootlessNetworkCmd: pasta

      [test@beaver-14 system]$ ip addr
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
          inet 127.0.0.1/8 scope host lo
             valid_lft forever preferred_lft forever
          inet6 ::1/128 scope host 
             valid_lft forever preferred_lft forever
      2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
          link/ether b0:0b:15:67:48:14 brd ff:ff:ff:ff:ff:ff
          inet 10.6.56.184/24 brd 10.6.56.255 scope global dynamic noprefixroute enp1s0
             valid_lft 59156sec preferred_lft 59156sec
          inet6 2620:52:9:1638:b20b:15ff:fe67:4814/64 scope global dynamic noprefixroute 
             valid_lft 2591994sec preferred_lft 604794sec
          inet6 fe80::b20b:15ff:fe67:4814/64 scope link noprefixroute 
             valid_lft forever preferred_lft forever

      [test@beaver-14 system]$ podman run -d -p 6010:80/tcp --name=hello-world-a quay.io/libpod/alpine_nginx:latest
      e82a4f266daef7a34e6a39032c55dd5184d677c5c8d48da2509b92490bc117ff
      [test@beaver-14 system]$ podman exec hello-world-a curl http://10.6.56.184:6010
        % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                       Dload  Upload   Total   Spent    Left  Speed
        0     0    0     0    0     0      0      0 -::- -::- -::-     0
      curl: (7) Failed to connect to 10.6.56.184 port 6010 after 0 ms: Connection refused

      Expected results

      we can access the host's port

      Actual results

      we can't access the host's port, get a Connection refused

              sbrivio@redhat.com Stefano Brivio
              yujiang16 Yuhui Jiang
              Yuhui Jiang
              Stefano Brivio Stefano Brivio
              Lei Yang Lei Yang
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: