unable to use a pure IPv6 server in a rootless container #14709
Comments
The mailing list post: https://lists.podman.io/archives/list/podman@lists.podman.io/thread/A7LNHHG24IRR7EHEI4TPBNE3LG6JKE4F/ I think this makes sense, in theory it is not complicated but there is a corner case:
In my opinion you should not, just like this should not happen in a rootful container. But one can of course also add a couple of options to allow this to happen in all sorts of ways. To me the current behavior is unexpected and I would actually call it a bug.
The current behaviour is definitely not a bug and changing it so that IPv6 connections are no longer forwarded to IPv4 can break existing workflows. It is somewhat common that the container has no IPv6 but IPv6 forwarding from the host is still expected to work. For example: #14491
Regarding #14491: any idea how Docker forwards the traffic if the container has an IPv6 address? At least in the docker-registry case it should work if the traffic is forwarded to the container's IPv6 address, if it has one, as the docker-registry should be accepting both, at least it does so in my setup. But I understand the desire to act by default the same as Docker does.
A friendly reminder that this issue had no activity for 30 days.
@Luap99 Any update on this?
no
A friendly reminder that this issue had no activity for 30 days.
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind feature
Description
Currently all traffic is forwarded into a rootless container using the rootlessport proxy. This forwards all the traffic to the IPv4 address of the container if it has one and only picks the IPv6 address if there is no IPv4 address. The code for this should be: podman/libpod/networking_slirp4netns.go, lines 687 to 712 in 8e88abd.
So when I start an IPv6-only service, for example in Go by a listener for tcp6, it does not receive any traffic. I would expect that traffic that reaches the host on an IPv4 address is forwarded to the container's IPv4 address and traffic that reaches the host on an IPv6 address is forwarded to the container on its IPv6 address. This should also match what happens in a rootful container.
Steps to reproduce the issue:
1. Create a container image that contains a service that only listens on :: so only accepts IPv6 requests
2. Start the container in rootless mode:
podman run -it --rm --name test -p 8080:8080 test-container
3. Try to connect to the container using IPv4 and IPv6
Describe the results you received:
When the service in the container only listens to tcp6 then no communication is possible. However, when the service is changed to listen to tcp4 then a request via IPv4 and IPv6 works.
Describe the results you expected:
I would expect that IPv4 requests are being forwarded as IPv4 and IPv6 as IPv6, basically as it happens in rootful. So when I start the service using tcp6 only an IPv6 connection should work and if I start it as tcp4 only IPv4 should work. When I start it using tcp then both should work.
Additional information you deem important (e.g. issue happens only occasionally):
Output of podman version:
Output of podman info --debug:
Package info (e.g. output of rpm -q podman or apt list podman):
Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)
No, but I asked on the mailing list
Additional environment details (AWS, VirtualBox, physical, etc.):
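The two forwarding policies discussed in this issue, as a small Go model added here for illustration. It is not Podman's rootlessport code; the function names, the crossFamily option and the sample addresses are assumptions.

```go
package main

import (
	"fmt"
	"net/netip"
)

// pickCurrent models the behaviour described in the issue: use the
// container's IPv4 address if it has one, otherwise fall back to IPv6.
func pickCurrent(container []netip.Addr) (netip.Addr, bool) {
	var v6 netip.Addr
	for _, a := range container {
		if a.Unmap().Is4() {
			return a.Unmap(), true
		}
		if !v6.IsValid() {
			v6 = a
		}
	}
	return v6, v6.IsValid()
}

// pickByFamily models the requested behaviour: forward to the container
// address of the same family as the host-side address the client reached.
// crossFamily (hypothetical option) allows the other family as a fallback.
func pickByFamily(hostSide netip.Addr, container []netip.Addr, crossFamily bool) (netip.Addr, bool) {
	want4 := hostSide.Unmap().Is4()
	var other netip.Addr
	for _, a := range container {
		a = a.Unmap()
		if a.Is4() == want4 {
			return a, true
		}
		if !other.IsValid() {
			other = a
		}
	}
	if crossFamily && other.IsValid() {
		return other, true
	}
	return netip.Addr{}, false
}

func main() {
	// Constructed sample: a dual-stack container and a client arriving over IPv6.
	dual := []netip.Addr{netip.MustParseAddr("10.0.2.100"), netip.MustParseAddr("fd00::100")}
	fmt.Println(pickCurrent(dual))
	fmt.Println(pickByFamily(netip.MustParseAddr("2001:db8::1"), dual, false))
}
```

With crossFamily set to false, an IPv6 connection to an IPv4-only container gets no target, which is the case the comments say existing workflows rely on.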