Hi,
I came straight from podman 4.9.3-1 to podman 5.0.3-1 yesterday and my rootless containers can't reach my host webservices anymore.
So I spent a lot of time investigating the change from 'cni' to 'netavark', along with 'podman network' and iptables rules.
Long story short, for me, after one day of googling and ChatGPT:
Podman 5.0 breaking changes in detail
By default it will not be possible to connect to the host via the eth0 (or whatever your main interface is called) ip as the exact same ip is used in the container and thus is not routed to the outside. This can cause problems for users of the host.containers.internal name entry as we rely on the host ip being reachable. For Podman 5.0.0 it is likely that this entry will contain an invalid ip but we are working on a fix for Podman 5.0.1. However, the underlying problem will stay if you only have a single host ip (excluding localhost), as there would be no way to route to that if the container always uses the same ip. One workaround for that is to tell pasta to use a different address in the container. In this case set something like this in containers.conf:
'Pasta' was the problem, because the 'default_rootless_network_cmd' changed from 'slirp4netns' to 'pasta'.
And I hadn't touched this option in 'containers.conf'; it was commented out there.
```toml
[network]
# default_rootless_network_cmd = ""
# change to:
default_rootless_network_cmd = "slirp4netns"
```
So the empty entry needs to be changed to 'slirp4netns', and then your containers can reach the host again.
If somebody knows how 'pasta' can handle this (which, according to the linked article, is not possible), please let me know.
Last edited by Rise6557 (2024-05-21 18:41:02)
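An added example, not part of the original posts: a shell helper that reports which rootless network backend a single containers.conf selects for a given Podman major version, to confirm why an untouched config changed behaviour after the upgrade. The function name and the sample files are constructed; it assumes double-quoted values and reads only the one file it is given, without merging the other locations Podman consults.

```shell
#!/bin/sh
# effective_rootless_net_cmd CONF_FILE PODMAN_MAJOR   (hypothetical helper name)
# Prints the backend chosen by default_rootless_network_cmd in the [network]
# table, or the version default when the key is absent, commented out or "".
effective_rootless_net_cmd() {
    conf=$1
    major=$2
    value=$(awk '
        /^[ \t]*#/ { next }                      # commented-out lines do not count
        /^[ \t]*\[/ {                            # table header such as [network]
            sub(/^[ \t]*\[/, ""); sub(/\].*$/, "")
            table = $0
            next
        }
        table == "network" && /^[ \t]*default_rootless_network_cmd[ \t]*=/ {
            # take the text between the first pair of double quotes
            if (match($0, /"[^"]*"/)) v = substr($0, RSTART + 1, RLENGTH - 2)
        }
        END { print v }
    ' "$conf" 2>/dev/null)
    if [ -n "$value" ]; then
        echo "$value"
    elif [ "$major" -ge 5 ]; then
        echo "pasta"          # default from Podman 5.0 on, as described in the post
    else
        echo "slirp4netns"    # default before Podman 5.0
    fi
}

# Constructed samples: the two states of containers.conf shown in the post.
demo_dir=$(mktemp -d)
printf '[network]\n# default_rootless_network_cmd = ""\n' > "$demo_dir/before.conf"
printf '[network]\ndefault_rootless_network_cmd = "slirp4netns"\n' > "$demo_dir/after.conf"
for f in before after; do
    printf '%s.conf on Podman 5: %s\n' "$f" \
        "$(effective_rootless_net_cmd "$demo_dir/$f.conf" 5)"
done
```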
You can use the `--network=pasta:--map-gw` option. See `man podman run`. Unfortunately `host.containers.internal` is not yet set to the gateway IP. See https://github.com/containers/podman/issues/19213