[feature request] Podman rootless containers + slirp4netns compatible with safe network nodes. #12730

Closed
Folaht opened this issue Jan 2, 2022 · 10 comments
Labels: locked - please file new issue/PR, rootless, slirp4netns

Comments


Folaht commented Jan 2, 2022

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind feature

Make podman + slirp4netns work with the safe network.
I'm not sure if this is a maidsafe issue or a podman issue, so I'm putting this in both.

Description

My goal is to put safe network nodes to work inside rootless podman containers,
as an attempt to ensure that all safe network nodes run on the same safe environment on all machines,
without any interference from any other application.

The result so far of my attempt is that I can run the root node inside the container with LAN and tap0 IP addresses,
but the root podman container node unfortunately assigns the wrong IP address and port for the host node when it attempts to connect to the root node via slirp4netns. Or the host node does it itself. I don't know what goes on internally.

Steps to reproduce the issue:

  1. podman pull ghcr.io/safenetwork-community/rootnode-ipv4:main-dev

  2. curl -so- https://raw.githubusercontent.com/maidsafe/sn_cli/master/resources/install.sh | bash

  3. podman run \
       --name test_rootnode-ipv4 \
       --restart unless-stopped \
       --publish 192.168.x.x:12000:12000/tcp \
       --publish 192.168.x.x:12000:12000/udp \
       --env LOC_IP="10.0.2.100" \
       --env LOC_PORT="12000" \
       --env PUB_IP="192.168.x.x" \
       --env PUB_PORT="12000" \
       --env NETWORK_NAME="lan-ipv4" \
       --mount type=bind,source=~/.local/share/safe/cli/,destination=/home/admin/.safe/cli/ \
       -d ghcr.io/safenetwork-community/joinnode-ipv4:main

  4. safe install node

  5. cp /home/user/.local/share/safe/cli/networks/lan-ipv4_node_connection_info.config /home/user/.safe/cli/networks/lan-ipv4_node_connection_info.config

  6. safe networks switch lan-ipv4 && \
       RUST_BACKTRACE=full ~/.safe/node/sn_node -vvvv \
       --clear-data \
       --skip-auto-port-forwarding \
       --local-addr 192.168.178.29:12001 \
       --public-addr 192.168.178.29:12001 \
       --root-dir=/home/folaht/.safe/node/joinnode-ipv4_12001 \
       --log-dir=/home/folaht/.safe/node/joinnode-ipv4_12001 &

Describe the results you received:

https://gist.github.com/Folaht/70ae0329b5acd176cc3ea84b920c1576

Describe the results you expected:

I was hoping I would have a connection between these two nodes.

Luap99 (Member) commented Jan 3, 2022

I have no idea what "safe network" is expecting, but have you tried whether this works as root? The rootlesskit port forwarder, which is used by default, will change the source IP of the incoming connections; you can change this behaviour with --network slirp4netns:port_handler=slirp4netns

AkihiroSuda added the rootless and slirp4netns labels and removed the kind/feature label on Jan 3, 2022

Folaht (Author) commented Jan 4, 2022

I have not tried it as root yet. I'm trying it right now.

Adding --network slirp4netns:port_handler=slirp4netns gives me:

Error: error from slirp4netns while setting up port redirection: map[desc:bad request: add_hostfwd: slirp_add_hostfwd failed]
Error: can only create exec sessions on running containers: container state improper

[update]

Rootfull seems to work.

Luap99 (Member) commented Jan 6, 2022

map[desc:bad request: add_hostfwd: slirp_add_hostfwd failed]

This error usually means that the port is already binded, IIRC. Can you check that?

Folaht (Author) commented Jan 12, 2022

What do you mean by binded and how to check that?
Do you mean to say it's already in use?
And which IP/port would have to be checked?

mheon (Member) commented Jan 17, 2022

Something else on the host may be using the port in question. Are you sure the port is open?
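
Added example, not part of the thread and not podman's own code: one way to check whether a host address and port that `--publish` should claim is already bound, by parsing the output of `ss -H -ltun`. The address 192.0.2.10 and the sample `ss` lines are constructed placeholders (the thread elides the real address as 192.168.x.x); port 12000 is the one published in the issue.

```shell
#!/bin/sh
# Constructed sample of `ss -H -ltun` output (no header, numeric addresses).
SAMPLE_SS='udp   UNCONN 0      0            0.0.0.0:12000      0.0.0.0:*
tcp   LISTEN 0      4096      192.0.2.10:12001      0.0.0.0:*
tcp   LISTEN 0      128     127.0.0.1%lo:631        0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*'

# port_in_use PROTO ADDR PORT   (reads ss output on stdin)
# Exit status 0: a PROTO socket is bound to ADDR:PORT, or to the wildcard
# address (0.0.0.0 or *) on PORT, so publishing ADDR:PORT would collide.
# Exit status 1: nothing in the listing holds that address and port.
port_in_use() {
    awk -v proto="$1" -v addr="$2" -v port="$3" '
        $1 == proto {
            la = $5                          # "Local Address:Port" column
            n = match(la, /:[0-9]+$/)        # split at the last colon
            if (n == 0) next
            a = substr(la, 1, n - 1)
            p = substr(la, n + 1)
            sub(/%.*$/, "", a)               # drop a "%iface" suffix
            if (p == port && (a == addr || a == "0.0.0.0" || a == "*"))
                found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# check_publish ADDR PORT: report tcp and udp separately, because the issue
# publishes the same port number for both protocols.
check_publish() {
    for proto in tcp udp; do
        if printf '%s\n' "$SS_OUTPUT" | port_in_use "$proto" "$1" "$2"; then
            echo "$proto $1:$2 already bound"
        else
            echo "$proto $1:$2 free"
        fi
    done
}

# On a real host, run with: SS_OUTPUT=$(ss -H -ltun) sh thisscript.sh
SS_OUTPUT=${SS_OUTPUT:-$SAMPLE_SS}
check_publish 192.0.2.10 12000
```

With the constructed sample, 12000/tcp is free but 12000/udp is held by a wildcard listener, which is the kind of half-conflict that is easy to miss when only the TCP side is checked.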

Folaht (Author) commented Jan 27, 2022

The ports I assign them to are.
The random ports that show up are not.

And this doesn't happen under rootfull containers.

@github-actions

A friendly reminder that this issue had no activity for 30 days.

rhatdan (Member) commented Feb 28, 2022

Could you verify if you still have this issue with podman 4?

Luap99 (Member) commented Mar 23, 2022

I am closing this since this is a configuration problem and nothing podman can really fix. We can continue the discussion here.

Luap99 closed this as completed on Mar 23, 2022

Folaht (Author) commented Mar 29, 2022

I still have this issue with podman 4.

github-actions bot added the "locked - please file new issue/PR" label on Sep 20, 2023
github-actions bot locked as resolved and limited conversation to collaborators on Sep 20, 2023