-
|
I have built a tool around Podman that I use to simplify development inside rootless containers and have recently added support for creating TUN/TAP devices inside these containers (as per Gerharddc/litterbox@5e2ef65). The reason I added this feature is because I would like to test out an embedded networking stack running on top of a TAP device. Thus I am now running something similar to https://github.com/embassy-rs/embassy/blob/main/examples/std/src/bin/net_dns.rs but am not managing to get DNS queries working. If it makes a difference, the container is set up to use pasta networking without port forwarding. I'm not 100% sure if it's the issue, but my suspicion is that my "host" (i.e. the podman container) is not forwarding packets received on the TAP interface (which is assigned to 192.168.69.100). On my host host (i.e. outside any container) I have used I have also run Any advice or suggestions would be greatly appreciated! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
In rootless containers, the network namespace starts with |
Beta Was this translation helpful? Give feedback.
-
|
Thanks @anntnzrb I'll try that! Would I still need to enable packet forwarding "globally" on the host or is it possible to only have forwarding enabled inside the container namespace? |
Beta Was this translation helpful? Give feedback.
-
|
Great, this seems to work without packet forwarding needing to be enabled on the host. It also does not even require the iptables NAT rules. Thanks again! |
Beta Was this translation helpful? Give feedback.
In rootless containers, the network namespace starts with
ip_forward=0by default. Use--sysctl net.ipv4.ip_forward=1when creating the container:podman run --sysctl net.ipv4.ip_forward=1 <image>. This enables packet forwarding inside the container for your TAP interface NAT setup.