1

I am trying to get networking working with rootless containers using podman. Getting either external networking up and running or internal networking is not the issue. Using the --network option, containers are able to see each other. However, ping 8.8.8.8 does not work. Starting containers without --network or with --network=slirp4netns, ping 8.8.8.8 does work as expected. Of course, in the latter case, there is no internal networking. What I think this tells me is that the host is not blocking external access from within containers. The issue that I am facing is that I seem to be unable to get both internal and external networking working within containers at the same time.

> podman network ls 
NETWORK ID    NAME           VERSION     PLUGINS
2f259bab93aa  podman         0.4.0       bridge,portmap,firewall,tuning
6129a34887d3  container-net  0.4.0       bridge,portmap,firewall,tuning,dnsname

I am starting containers like so:

podman pod create \
  --network container-net \
  --network-alias test-pod \
  --hostname test-01 \
  --name test-pod

Contents of start-test.sh:

podman run --rm -it \
  --pod test-pod \
  --network=container-net \
  --dns-search dns.podman \
  --name test-01 \
  --network-alias test-01 \
  docker.io/alpine /bin/sh

> ./start-test.sh
/ # ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
^C
--- 8.8.8.8 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss

> podman --version
podman version 3.3.1

I have checked that SELinux is not the cause by testing with setenforce 0 as well.

Is it possible to get both internal and external networking working within containers and if so, what does one need to do?

2 Answers

1

I just tried this on RHEL 8 and I was able to reproduce this issue. We also figured out the issue (I think). Try the following:

sudo sysctl -w net.ipv4.ping_group_range="0 2147483647"

You might be being limited by the group range and /etc/subuid /etc/subgid:

https://man7.org/linux/man-pages/man7/icmp.7.html

I'm not sure what the long term solution is yet, but if this works, you can likely fix it with sysctl for now.
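
The group-range limit this answer points to can be checked before widening it to every GID. The following is an added example, not code from the post or from podman: it compares an inclusive "low high" range, as icmp(7) defines it, with a user's primary GID and /etc/subgid span. The function names, the user alice and all sample values are constructed, and it assumes those are the GIDs that matter.

```shell
#!/bin/sh
# Added example, not from the post: does net.ipv4.ping_group_range cover a
# rootless user's GIDs? Function names and sample values are constructed.

# range_covers "LOW HIGH" FIRST_GID COUNT
# Prints full, partial or none for the span FIRST_GID..FIRST_GID+COUNT-1.
# The range is inclusive; the default "1 0" (low > high) admits no group.
range_covers() {
    set -- $1 "$2" "$3"    # word-split "LOW HIGH" into $1 and $2
    low=$1 high=$2 first=$3 last=$(( $3 + $4 - 1 ))
    if [ "$low" -gt "$high" ] || [ "$last" -lt "$low" ] || [ "$first" -gt "$high" ]; then
        echo none
    elif [ "$first" -ge "$low" ] && [ "$last" -le "$high" ]; then
        echo full
    else
        echo partial
    fi
}

# subgid_span USER: reads "name:start:count" lines (/etc/subgid format) on
# stdin and prints "START COUNT" for the user's first entry, if any.
subgid_span() {
    awk -F: -v u="$1" '$1 == u { print $2, $3; exit }'
}

# report "LOW HIGH" USER PRIMARY_GID, with subgid data on stdin.
report() {
    span=$(subgid_span "$2")
    echo "primary gid $3: $(range_covers "$1" "$3" 1)"
    if [ -n "$span" ]; then
        set -- "$1" $span  # $2 = first subordinate GID, $3 = count
        echo "subgids $2 (count $3): $(range_covers "$1" "$2" "$3")"
    else
        echo "subgids: no entry"
    fi
}

# Constructed sample data: user alice, primary GID 1000.
SAMPLE_SUBGID='alice:100000:65536
bob:165536:65536'

for r in "1 0" "1000 1000" "0 2147483647"; do
    echo "ping_group_range = $r"
    printf '%s\n' "$SAMPLE_SUBGID" | report "$r" alice 1000
done
# Against a real host:
#   report "$(cat /proc/sys/net/ipv4/ping_group_range)" "$USER" "$(id -g)" < /etc/subgid
```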


1

The issue I was having was not related to any configuration. As it turned out after having removed all podman created networks, rebooting the machine and recreating the networks I needed, the containers behave as expected, i.e. internal and external networking are working.

1 Comment

how to remove the default network??
