podman networking not working with second ipv6 address when connecting locally
Issue Description
Describe your issue
[almalinux@redhat ~]$ podman version
Client: Podman Engine
Version: 5.2.2
API Version: 5.2.2
Go Version: go1.22.9 (Red Hat 1.22.9-2.el9_5)
Built: Tue Feb 4 03:46:22 2025
OS/Arch: linux/amd64
[almalinux@redhat ~]$ podman info
host:
arch: amd64
buildahVersion: 1.37.6
cgroupControllers:
- memory
- pids
cgroupManager: systemd
cgroupVersion: v2
conmon:
package: conmon-2.1.12-1.el9.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.1.12, commit: eb379dceb7efebd9a9d6b3349a57424d83483065'
cpuUtilization:
idlePercent: 98.56
systemPercent: 0.7
userPercent: 0.73
cpus: 2
databaseBackend: sqlite
distribution:
distribution: almalinux
version: "9.5"
eventLogger: journald
freeLocks: 2047
hostname: redhat
idMappings:
gidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 100000
size: 65536
uidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 100000
size: 65536
kernel: 5.14.0-503.33.1.el9_5.x86_64
linkmode: dynamic
logDriver: journald
memFree: 973213696
memTotal: 1821560832
networkBackend: netavark
networkBackendInfo:
backend: netavark
dns:
package: aardvark-dns-1.12.2-1.el9_5.x86_64
path: /usr/libexec/podman/aardvark-dns
version: aardvark-dns 1.12.2
package: netavark-1.12.2-1.el9.x86_64
path: /usr/libexec/podman/netavark
version: netavark 1.12.2
ociRuntime:
name: crun
package: crun-1.16.1-1.el9.x86_64
path: /usr/bin/crun
version: |-
crun version 1.16.1
commit: afa829ca0122bd5e1d67f1f38e6cc348027e3c32
rundir: /run/user/1000/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
os: linux
pasta:
executable: /usr/bin/pasta
package: passt-0^20240806.gee36266-7.el9_5.x86_64
version: |
pasta 0^20240806.gee36266-7.el9_5.x86_64
Copyright Red Hat
GNU General Public License, version 2 or later
<https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
remoteSocket:
exists: false
path: /run/user/1000/podman/podman.sock
rootlessNetworkCmd: pasta
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: true
seccompEnabled: true
seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: false
serviceIsRemote: false
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns-1.3.1-1.el9.x86_64
version: |-
slirp4netns version 1.3.1
commit: e5e368c4f5db6ae75c2fce786e31eef9da6bf236
libslirp: 4.4.0
SLIRP_CONFIG_VERSION_MAX: 3
libseccomp: 2.5.2
swapFree: 0
swapTotal: 0
uptime: 0h 21m 10.00s
variant: ""
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
- journald
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries:
search:
- registry.access.redhat.com
- registry.redhat.io
- docker.io
store:
configFile: /home/almalinux/.config/containers/storage.conf
containerStore:
number: 1
paused: 0
running: 1
stopped: 0
graphDriverName: overlay
graphOptions: {}
graphRoot: /home/almalinux/.local/share/containers/storage
graphRootAllocated: 9383706624
graphRootUsed: 1366781952
graphStatus:
Backing Filesystem: xfs
Native Overlay Diff: "true"
Supports d_type: "true"
Supports shifting: "false"
Supports volatile: "true"
Using metacopy: "false"
imageCopyTmpDir: /var/tmp
imageStore:
number: 1
runRoot: /run/user/1000/containers
transientStore: false
volumePath: /home/almalinux/.local/share/containers/storage/volumes
version:
APIVersion: 5.2.2
Built: 1738640782
BuiltTime: Tue Feb 4 03:46:22 2025
GitCommit: ""
GoVersion: go1.22.9 (Red Hat 1.22.9-2.el9_5)
Os: linux
OsArch: linux/amd64
Version: 5.2.2
[almalinux@redhat ~]$ rpm -q podman
podman-5.2.2-13.el9_5.x86_64
[almalinux@redhat ~]$
[almalinux@redhat ~]$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether bc:24:11:6f:5f:91 brd ff:ff:ff:ff:ff:ff
altname enp6s18
inet 10.22.33.87/20 brd 10.22.47.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 2603:8000:f63d:b534:be24:11ff:fe6f:5f91/64 scope global dynamic noprefixroute
valid_lft 300sec preferred_lft 300sec
inet6 fdb8:d92a:f690:3d7f:be24:11ff:fe6f:5f91/64 scope global dynamic noprefixroute
valid_lft 86391sec preferred_lft 14391sec
inet6 fe80::be24:11ff:fe6f:5f91/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[almalinux@redhat ~]$
Steps to reproduce the issue
podman run --replace --name nginx -p 8080:80 -d docker.io/nginx, not working with [::]8080:80 for the fdb8:d92a:f690:3d7f:be24:11ff:fe6f:5f91 on local either
- [almalinux@redhat ~]$ curl 10.22.33.87:8080
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
...
- [almalinux@redhat ~]$ curl [2603:8000:f63d:b534:be24:11ff:fe6f:5f91]:8080
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
...
- [almalinux@redhat ~]$ curl [fdb8:d92a:f690:3d7f:be24:11ff:fe6f:5f91]:8080
times out (curl: (56) Recv failure: Connection reset by peer)
- another machine outside:
it3@it3s-MacBook-Pro-2 ~ % curl 10.22.33.87:8080
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
...
it3@it3s-MacBook-Pro-2 ~ % curl '[fdb8:d92a:f690:3d7f:be24:11ff:fe6f:5f91]:8080'
<!DOCTYPE html>
<html>
<head>
...
Describe the results you received
Describe the results you expected
Describe the results you expected should work inside of almalinux
podman info output
If you are unable to run podman info for any reason, please provide the podman version, operating system and its version and the architecture you are running.
Podman in a container
No
Privileged Or Rootless
None
Upstream Latest Release
Yes
Additional environment details
[almalinux@redhat ~]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
70a8c0bef100 docker.io/library/nginx:latest nginx -g daemon o... 3 minutes ago Up 3 minutes 0.0.0.0:8080->80/tcp, 80/tcp nginx
[almalinux@redhat ~]$
[almalinux@redhat ~]$ podman inspect nginx
[
{
"Id": "70a8c0bef10099667cfc1a1bc2dcf78b90d4085c5629ba57bee92ee8c4fdb64f",
"Created": "2025-03-26T17:46:35.115100982Z",
"Path": "/docker-entrypoint.sh",
"Args": [
"nginx",
"-g",
"daemon off;"
],
"State": {
"OciVersion": "1.2.0",
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 2326,
"ConmonPid": 2324,
"ExitCode": 0,
"Error": "",
"StartedAt": "2025-03-26T17:46:35.238109249Z",
"FinishedAt": "0001-01-01T00:00:00Z",
"CgroupPath": "/user.slice/user-1000.slice/user@1000.service/user.slice/libpod-70a8c0bef10099667cfc1a1bc2dcf78b90d4085c5629ba57bee92ee8c4fdb64f.scope",
"CheckpointedAt": "0001-01-01T00:00:00Z",
"RestoredAt": "0001-01-01T00:00:00Z"
},
"Image": "53a18edff8091d5faff1e42b4d885bc5f0f897873b0b8f0ace236cd5930819b0",
"ImageDigest": "sha256:124b44bfc9ccd1f3cedf4b592d4d1e8bddb78b51ec2ed5056c52d3692baebc19",
"ImageName": "docker.io/library/nginx:latest",
"Rootfs": "",
"Pod": "",
"ResolvConfPath": "/run/user/1000/containers/overlay-containers/70a8c0bef10099667cfc1a1bc2dcf78b90d4085c5629ba57bee92ee8c4fdb64f/userdata/resolv.conf",
"HostnamePath": "/run/user/1000/containers/overlay-containers/70a8c0bef10099667cfc1a1bc2dcf78b90d4085c5629ba57bee92ee8c4fdb64f/userdata/hostname",
"HostsPath": "/run/user/1000/containers/overlay-containers/70a8c0bef10099667cfc1a1bc2dcf78b90d4085c5629ba57bee92ee8c4fdb64f/userdata/hosts",
"StaticDir": "/home/almalinux/.local/share/containers/storage/overlay-containers/70a8c0bef10099667cfc1a1bc2dcf78b90d4085c5629ba57bee92ee8c4fdb64f/userdata",
"OCIConfigPath": "/home/almalinux/.local/share/containers/storage/overlay-containers/70a8c0bef10099667cfc1a1bc2dcf78b90d4085c5629ba57bee92ee8c4fdb64f/userdata/config.json",
"OCIRuntime": "crun",
"ConmonPidFile": "/run/user/1000/containers/overlay-containers/70a8c0bef10099667cfc1a1bc2dcf78b90d4085c5629ba57bee92ee8c4fdb64f/userdata/conmon.pid",
"PidFile": "/run/user/1000/containers/overlay-containers/70a8c0bef10099667cfc1a1bc2dcf78b90d4085c5629ba57bee92ee8c4fdb64f/userdata/pidfile",
"Name": "nginx",
"RestartCount": 0,
"Driver": "overlay",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"EffectiveCaps": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_NET_BIND_SERVICE",
"CAP_SETFCAP",
"CAP_SETGID",
"CAP_SETPCAP",
"CAP_SETUID",
"CAP_SYS_CHROOT"
],
"BoundingCaps": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_NET_BIND_SERVICE",
"CAP_SETFCAP",
"CAP_SETGID",
"CAP_SETPCAP",
"CAP_SETUID",
"CAP_SYS_CHROOT"
],
"ExecIDs": [],
"GraphDriver": {
"Name": "overlay",
"Data": {
"LowerDir": "/home/almalinux/.local/share/containers/storage/overlay/f8e4659aaae585fd20a9655c645fbc7a517db9ab439ec04c285c1266d9aa81da/diff:/home/almalinux/.local/share/containers/storage/overlay/43b0068fbc46b5c33f807f0bc6e3ad52551c462ac0c4143c5bda883f50a56fd3/diff:/home/almalinux/.local/share/containers/storage/overlay/9d4c6902a2cf23d7218dec447d3a42afd26bda37a170437ce2cc1b7f86eac288/diff:/home/almalinux/.local/share/containers/storage/overlay/4debc576d730f4ba59f008ace0f21ec6f5c33969db5caf7616781010eda844a1/diff:/home/almalinux/.local/share/containers/storage/overlay/4cb15dbe739ed3550fa3566c0258f9ee252b4b2bcc36e2fca0bea105dfc02c42/diff:/home/almalinux/.local/share/containers/storage/overlay/5661ea53d54b5522a49aa8471fe5ed99c0b7aefcfc652d0a07e8d4aedb5d2058/diff:/home/almalinux/.local/share/containers/storage/overlay/1287fbecdfcce6ee8cf2436e5b9e9d86a4648db2d91080377d499737f1b307f3/diff",
"MergedDir": "/home/almalinux/.local/share/containers/storage/overlay/9dfdd305aaa33af9f308107fdab78f9ebb2d9e72fa5c5f0bd4c946da958d157d/merged",
"UpperDir": "/home/almalinux/.local/share/containers/storage/overlay/9dfdd305aaa33af9f308107fdab78f9ebb2d9e72fa5c5f0bd4c946da958d157d/diff",
"WorkDir": "/home/almalinux/.local/share/containers/storage/overlay/9dfdd305aaa33af9f308107fdab78f9ebb2d9e72fa5c5f0bd4c946da958d157d/work"
}
},
"Mounts": [],
"Dependencies": [],
"NetworkSettings": {
"EndpointID": "",
"Gateway": "",
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "",
"Bridge": "",
"SandboxID": "",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"80/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "8080"
}
]
},
"SandboxKey": "/run/user/1000/netns/netns-51163741-c80a-0944-9d18-67b03e601809"
},
"Namespace": "",
"IsInfra": false,
"IsService": false,
"KubeExitCodePropagation": "invalid",
"lockNumber": 0,
"Config": {
"Hostname": "70a8c0bef100",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"DYNPKG_RELEASE=1~bookworm",
"NGINX_VERSION=1.27.4",
"NJS_VERSION=0.8.9",
"NJS_RELEASE=1~bookworm",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"container=podman",
"PKG_RELEASE=1~bookworm",
"HOME=/root",
"HOSTNAME=70a8c0bef100"
],
"Cmd": [
"nginx",
"-g",
"daemon off;"
],
"Image": "docker.io/library/nginx:latest",
"Volumes": null,
"WorkingDir": "/",
"Entrypoint": [
"/docker-entrypoint.sh"
],
"OnBuild": null,
"Labels": {
"maintainer": "NGINX Docker Maintainers \[email protected]\u003e"
},
"Annotations": {
"io.container.manager": "libpod",
"org.opencontainers.image.stopSignal": "3",
"org.systemd.property.KillSignal": "3",
"org.systemd.property.TimeoutStopUSec": "uint64 10000000"
},
"StopSignal": "SIGQUIT",
"HealthcheckOnFailureAction": "none",
"HealthLogDestination": "local",
"HealthcheckMaxLogCount": 5,
"HealthcheckMaxLogSize": 500,
"CreateCommand": [
"podman",
"run",
"--replace",
"--name",
"nginx",
"-p",
"8080:80",
"-d",
"docker.io/nginx"
],
"Umask": "0022",
"Timeout": 0,
"StopTimeout": 10,
"Passwd": true,
"sdNotifyMode": "container",
"ExposedPorts": {
"80/tcp": {}
}
},
"HostConfig": {
"Binds": [],
"CgroupManager": "systemd",
"CgroupMode": "private",
"ContainerIDFile": "",
"LogConfig": {
"Type": "journald",
"Config": null,
"Path": "",
"Tag": "",
"Size": "0B"
},
"NetworkMode": "pasta",
"PortBindings": {
"80/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "8080"
}
]
},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"AutoRemoveImage": false,
"Annotations": {
"io.container.manager": "libpod",
"org.opencontainers.image.stopSignal": "3",
"org.systemd.property.KillSignal": "3",
"org.systemd.property.TimeoutStopUSec": "uint64 10000000"
},
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": [],
"CapDrop": [],
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": [],
"GroupAdd": [],
"IpcMode": "shareable",
"Cgroup": "",
"Cgroups": "default",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "private",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": [],
"Tmpfs": {},
"UTSMode": "private",
"UsernsMode": "",
"ShmSize": 65536000,
"Runtime": "oci",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "user.slice",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DiskQuota": 0,
"KernelMemory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": 0,
"OomKillDisable": false,
"PidsLimit": 2048,
"Ulimits": [
{
"Name": "RLIMIT_NOFILE",
"Soft": 524288,
"Hard": 524288
},
{
"Name": "RLIMIT_NPROC",
"Soft": 6655,
"Hard": 6655
}
],
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"CgroupConf": null
}
}
]
[almalinux@redhat ~]$
Additional information
netcat works inside of local:
ssh almalinux@myhost
[almalinux@redhat ~]$ nc -l fdb8:d92a:f690:3d7f:be24:11ff:fe6f:5f91 1234
another ssh session:
ssh almalinux@myhost
[almalinux@redhat ~]$ nc fdb8:d92a:f690:3d7f:be24:11ff:fe6f:5f91 1234
type something
and it works.
The issue initially happened with a fresh install of podman 5.4.1, if memory serves, but I deleted that instance and I only have AlmaLinux to repro now.
The public IPv6 address is from the internet route, while the private IPv6 address fdb8:d92a:f690:3d7f:be24:11ff:fe6f:5f91 is from a radvd router announcement that I set up; not sure if that makes any difference.
Update: switched the network driver to slirp4netns and recreated the container, and the problem is solved, so it must be an issue with pasta:
[network]
default_rootless_network_cmd = "slirp4netns"
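The per-address check from the reproduction steps above, as an added example that is not part of the original report or of podman/pasta: it lists every scope-global address from `ip addr` output and probes the published port on each, separating a refused connection from one that is accepted and then reset (the curl (56) case reported here, which a plain open-port check would miss). The function names and the trimmed sample are assumptions made for this sketch; the addresses and port 8080 come from the report.

```python
import re
import socket

# Constructed sample: trimmed `ip addr` output using the addresses from the report.
SAMPLE_IP_ADDR = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
    inet 10.22.33.87/20 brd 10.22.47.255 scope global noprefixroute eth0
    inet6 2603:8000:f63d:b534:be24:11ff:fe6f:5f91/64 scope global dynamic noprefixroute
    inet6 fdb8:d92a:f690:3d7f:be24:11ff:fe6f:5f91/64 scope global dynamic noprefixroute
    inet6 fe80::be24:11ff:fe6f:5f91/64 scope link noprefixroute
"""

ADDR_RE = re.compile(r"^\s*inet6?\s+([0-9a-fA-F.:]+)/\d+\b.*\bscope global\b", re.M)


def global_addresses(ip_addr_text):
    """Return every scope-global IPv4/IPv6 address found in `ip addr` output."""
    return ADDR_RE.findall(ip_addr_text)


def probe(addr, port, timeout=3.0):
    """Connect, send a minimal HTTP request, and classify what happened."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    host = f"[{addr}]" if family == socket.AF_INET6 else addr
    stage = "connect"
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
            stage = "after-connect"  # handshake completed, so the port looks open
            s.sendall(f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
            data = s.recv(256)
    except ConnectionRefusedError:
        return "refused"
    except ConnectionResetError:
        return f"reset ({stage})"  # after-connect is the curl (56) case in the report
    except socket.timeout:
        return f"timeout ({stage})"
    except OSError as exc:
        return f"error ({stage}): {exc.strerror}"
    return "ok" if data.startswith(b"HTTP/") else "connected, no HTTP reply"


if __name__ == "__main__":
    import subprocess
    live = subprocess.run(["ip", "addr"], capture_output=True, text=True).stdout
    for address in global_addresses(live):
        print(f"{address:40} {probe(address, 8080)}")  # 8080: host port from the report
```

Run on the container host, it prints one line per address, so a binding that answers on some host addresses but resets on others shows up directly.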
Sounds like an issue with pasta, can you reproduce this with the latest pasta version?
cc @sbrivio-rh @dgibson
> podman run --replace --name nginx -p 8080:80 -d docker.io/nginx, not working with [::]8080:80 for the fdb8:d92a:f690:3d7f:be24:11ff:fe6f:5f91 on local either
Do you know what address nginx binds to, inside the container? Does it bind to a specific address or to :: (any address)?
$ podman unshare nsenter -n$(podman inspect --format '{{.NetworkSettings.SandboxKey}}' -l) ss -tuln
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
tcp LISTEN 0 511 [::]:80 [::]:*
I tried postgres and it is the same, so it must be pasta issue
> I tried postgres and it is the same, so it must be pasta issue
See https://github.com/containers/podman/issues/25693#issuecomment-2757338091.