podman differs with docker in ipv6 functionality #14491
Comments
@Luap99 Interested in this one?
Do you run podman as root? I don't really know about docker but AFAIK they also do not have ipv6 enabled by default. As rootless it should just work with podman v4.0 or newer.
Yes, I'm only testing as root. However, I've done no explicit ipv6 configuration to either podman or docker.
Looks like the docker-proxy process takes care of the port forwarding when no iptables rule match.
So we could do the same thing as docker and in addition to the iptables rules create an extra user space proxy process. The advantage is that this would allow us Also rootlessport does not have sctp support but I guess this is not really important. At least I am not aware of any sctp users. @mheon WDYT?
@Luap99 Part of the original design discussion for aardvark was to implement this there, given that it's already a running process so (theoretically) the overhead of also forwarding traffic should not be high, but that would require us reimplementing parts of rootlessport in Rust, which does seem undesirable. Never thought of reusing the existing code for this; it sounds technically attractive, though I'd definitely want it to be optional.
Aardvark does not sound like a good place for me, IMO it should only do dns. It will not be spawned if the network has no dns. Also we would need to spawn many threads to join different net namespaces which will get messy. It would make more sense to implement this in conmon-rs but I don't know the time line for that.
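The user-space forwarding discussed in the comments above, sketched as an added example (not podman, rootlessport or docker-proxy code): a listener on an IPv6 host address relays each connection to a backend that is reachable over IPv4 only. The function names and the addresses `[::1]:5000` and `127.0.0.1:5000` are assumptions for illustration.

```go
package main

import (
	"fmt"
	"io"
	"net"
)

// relay pipes one host-side connection to the IPv4-only backend and back.
func relay(client net.Conn, backend string) {
	defer client.Close()
	up, err := net.Dial("tcp4", backend)
	if err != nil {
		return // backend not reachable: drop this client
	}
	defer up.Close()
	go func() {
		io.Copy(up, client)
		up.(*net.TCPConn).CloseWrite() // pass the client's EOF on
	}()
	io.Copy(client, up)
}

// publish listens on hostAddr and relays every accepted connection to backend.
func publish(network, hostAddr, backend string) (net.Listener, error) {
	ln, err := net.Listen(network, hostAddr)
	if err != nil {
		return nil, err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return // listener closed
			}
			go relay(c, backend)
		}
	}()
	return ln, nil
}

func main() {
	// Assumed addresses: the issue's port 5000, served on IPv4 loopback only.
	ln, err := publish("tcp6", "[::1]:5000", "127.0.0.1:5000")
	if err != nil {
		panic(err)
	}
	fmt.Println("forwarding", ln.Addr(), "-> 127.0.0.1:5000; Ctrl-C to stop")
	select {}
}
```

Every connection costs two copy loops in user space, which is the overhead the comments weigh against doing the forwarding in iptables rules alone.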
A friendly reminder that this issue had no activity for 30 days.
@Luap99 any movement on this one?
No this is a lot of work
A friendly reminder that this issue had no activity for 30 days.
Still an issue.
A friendly reminder that this issue had no activity for 30 days.
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
With both docker and podman, I can run a registry container that listens on port 5000, something like:
docker run -d -p 5000:5000 registry:latest
or
podman run -d -p 5000:5000 registry:latest
With docker, this results in the container being accessible over ipv6:
With podman, this is not the case:
Additional information you deem important (e.g. issue happens only occasionally):
Output of podman version:
Output of podman info --debug:
Package info (e.g. output of rpm -q podman or apt list podman):
N/A - reproducible from git
Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)
Yes.
Additional environment details (AWS, VirtualBox, physical, etc.):
This is on Gentoo on a physical system.