
#1 2026-03-22 08:37:16

PranshuTG
Member
Registered: 2022-04-01
Posts: 89

rootful podman ipv4 problems

I'm running a rootful tor container with podman, and quite recently I've had issues with rootful podman being unable to do any ipv4 traffic.

▶ sudo podman logs tor          
Mar 22 08:21:06.149 [notice] Tor 0.4.8.17 running on Linux with Libevent 2.1.12-stable, OpenSSL 3.5.2, Zlib 1.3.1, Liblzma 5.8.1, Libzstd 1.5.7 and Unknown N/A as libc.
Mar 22 08:21:06.149 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
Mar 22 08:21:06.282 [notice] Read configuration file "/etc/tor/torrc".
Mar 22 08:21:06.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Mar 22 08:21:06.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Mar 22 08:21:06.000 [notice] Set list of supported TLS groups to: ?*X25519MLKEM768 / ?SecP256r1MLKEM768:?X25519 / *P-256:P-224
Mar 22 08:21:06.000 [notice] Bootstrapped 0% (starting): Starting
Mar 22 08:21:12.000 [notice] Starting with guard context "default"
Mar 22 08:21:13.000 [notice] Bootstrapped 5% (conn): Connecting to a relay

When building the image, there's a similar error:

▶ sudo podman-compose build tor               
STEP 1/9: FROM alpine:3.23
STEP 2/9: RUN apk update
WARNING: updating and opening https://dl-cdn.alpinelinux.org/alpine/v3.23/main/x86_64/APKINDEX.tar.gz: DNS: transient error (try again later)
WARNING: updating and opening https://dl-cdn.alpinelinux.org/alpine/v3.23/community/x86_64/APKINDEX.tar.gz: DNS: transient error (try again later)
2 unavailable, 0 stale; 16 distinct packages available
Error: building at STEP "RUN apk update": while running runtime: exit status 2

My versions:
6.19.8-zen1-1-zen
podman version 5.8.1

I tried pinging inside the container with ipv6 and it worked, but pinging 8.8.8.8 didn't work. Both succeeded outside of the container.

EDIT:
updated kernel to 6.19.9-zen1-1-zen and still the same problem

Last edited by PranshuTG (2026-03-22 08:53:42)

Offline

#2 2026-03-29 22:28:51

PaddraighOS
Member
Registered: 2026-03-29
Posts: 2

Re: rootful podman ipv4 problems

Few things worth checking here. IPv6 working but IPv4 failing inside the container is usually a masquerade/forwarding issue.

First, verify IPv4 forwarding is enabled on the host:

sysctl net.ipv4.ip_forward

Should return 1. If it's 0, add it to /etc/sysctl.d/ and run sysctl --system.

Second, rootful podman with netavark uses aardvark-dns for container DNS. Check if the service is running:

systemctl status aardvark-dns

Third, check your iptables/nftables masquerade rules are in place. With netavark the rules should be auto-created, but sometimes a firewall (firewalld/ufw) can interfere:

iptables -t nat -L POSTROUTING -v -n

You should see a MASQUERADE rule for the podman network range (typically 10.88.0.0/16).

If the rules look wrong, try recreating the default podman network:

sudo podman network rm podman
sudo podman network create

Then restart your container. The DNS error during build is almost certainly the same root cause since aardvark-dns relies on IPv4 to forward queries outside the container namespace.

Offline
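
The forwarding and masquerade checks from the reply above, combined into one script that works on captured output so it can be run without root. This is an added example, not part of either post; the function names and the sample rule dumps (including the chain name EXAMPLE-NAT) are constructed, and it assumes the `iptables -t nat -S` rule format.

```shell
#!/bin/sh
# Added example: offline checks over captured host state. Function names and
# the sample rule dumps (including the chain name EXAMPLE-NAT) are constructed.

# $1 = line printed by `sysctl net.ipv4.ip_forward`; true if the value is 1.
forwarding_enabled() {
    [ "${1##*= }" = "1" ]
}

# $1 = container subnet, stdin = output of `iptables -t nat -S`.
# True if POSTROUTING sends that source range to MASQUERADE, either directly
# or through a jump to a chain that contains a MASQUERADE rule.
has_masquerade() {
    awk -v net="$1" '
        $1 == "-A" {
            chain = $2; src = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s" && $(i - 1) != "!") src = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target == "MASQUERADE") masq[chain] = 1
            if (chain == "POSTROUTING" && src == net) jump[target] = 1
        }
        END {
            for (t in jump) if (t == "MASQUERADE" || (t in masq)) found = 1
            exit(found ? 0 : 1)
        }'
}

# $1 = sysctl line, $2 = subnet, $3 = rule dump; prints the first failing check.
diagnose() {
    if ! forwarding_enabled "$1"; then echo "forwarding-off"; return; fi
    if ! printf '%s\n' "$3" | has_masquerade "$2"; then echo "no-masquerade"; return; fi
    echo "ok"
}

# Constructed rule dumps: one healthy, one where the nat rules are gone.
SAMPLE_OK='-P POSTROUTING ACCEPT
-N EXAMPLE-NAT
-A POSTROUTING -s 10.88.0.0/16 -j EXAMPLE-NAT
-A EXAMPLE-NAT ! -d 224.0.0.0/4 -j MASQUERADE'
SAMPLE_FLUSHED='-P POSTROUTING ACCEPT'

diagnose "net.ipv4.ip_forward = 1" 10.88.0.0/16 "$SAMPLE_OK"
diagnose "net.ipv4.ip_forward = 1" 10.88.0.0/16 "$SAMPLE_FLUSHED"
# Live host: diagnose "$(sysctl net.ipv4.ip_forward)" 10.88.0.0/16 "$(sudo iptables -t nat -S)"
```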
