
Containers allow publish IPv6 address port
Closed, Resolved | Public | FEATURE REQUEST

Description

Add the ability to publish IPv6 addresses/ports

-p [::]:8080:80

Proposed configuration option ipv6

set container name busybox port web source 8080
set container name busybox port web destination 8

set container name busybox port web ipv6

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Feature (new functionality)

Event Timeline

That CLI node ipv6 only implements a minor subset of the entire featureset of port forwarding.

We should rather specify:

set container name <name> port <service-name> source <port>
set container name <name> port <service-name> destination <port>
set container name <name> port <service-name> listen-address

listen-address should allow any IPv4/IPv6 address and should be able to be specified multiple times (check if this is supported in podman)

It seems that only one address could be set

--publish, -p=[[ip:][hostPort]:]containerPort[/protocol]

https://docs.podman.io/en/latest/markdown/podman-create.1.html#publish-p-port

Update
It is possible this way:

vyos@r14# sudo podman run --rm -it --name foo  --net NET01 -p 192.0.2.1:8080:80 -p 192.168.122.14:8080:80 -p [2001:db8:1111::1]:8080:80 busybox
/ # 


vyos@r14# sudo podman port -l
80/tcp -> 192.0.2.1:8080
80/tcp -> 192.168.122.14:8080
80/tcp -> 2001:db8:1111::1:8080
[edit]
vyos@r14#
Viacheslav changed the task status from Open to In progress. Aug 23 2023, 11:57 AM
Viacheslav claimed this task.
Viacheslav changed the task status from In progress to Needs testing. Aug 23 2023, 8:16 PM
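
The multi-address publishing shown in the podman run above, as an added example (not VyOS code and not part of any comment in this task): one -p flag is emitted per listen address, IPv6 literals are bracketed, and a second helper reports whether the port ends up exposed on every host address. The function names and the restriction to tcp/udp are assumptions of this example.

```python
import ipaddress


def publish_args(source, destination, listen_addresses=(), protocol="tcp"):
    """Build podman '-p' arguments for one published port.

    podman's syntax is [[ip:][hostPort]:]containerPort[/protocol], so each
    flag carries at most one ip; several listen addresses need several flags.
    """
    for port in (source, destination):
        if not 1 <= int(port) <= 65535:
            raise ValueError(f"port out of range: {port}")
    if protocol not in ("tcp", "udp"):  # example-only restriction
        raise ValueError(f"unsupported protocol: {protocol}")

    if not listen_addresses:
        # No ip field: podman binds the host port on all addresses.
        return ["-p", f"{source}:{destination}/{protocol}"]

    args, seen = [], set()
    for raw in listen_addresses:
        addr = ipaddress.ip_address(raw)  # ValueError on a malformed address
        if addr in seen:
            continue  # skip duplicates so the same bind is not requested twice
        seen.add(addr)
        # Brackets keep the colons of an IPv6 literal apart from the
        # ip:hostPort:containerPort separators.
        host = f"[{addr}]" if addr.version == 6 else str(addr)
        args += ["-p", f"{host}:{source}:{destination}/{protocol}"]
    return args


def binds_all_interfaces(listen_addresses=()):
    """True when the port is reachable on every host address.

    That is the case with no listen address at all, or with an unspecified
    address ('::' or '0.0.0.0') in the list.
    """
    if not listen_addresses:
        return True
    return any(ipaddress.ip_address(a).is_unspecified for a in listen_addresses)


if __name__ == "__main__":
    # Addresses taken from the podman run in this task.
    addrs = ["192.0.2.1", "192.168.122.14", "2001:db8:1111::1"]
    print(" ".join(publish_args(8080, 80, addrs)))
    print("exposed on all interfaces:", binds_all_interfaces(addrs))
```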

Thanks for adding the "listen-address" configuration option. Unfortunately, that alone may not be enough to make ipv6 services work on rootful podman. I didn't realize this since I primarily use rootless podman on my Fedora and SuSE machines or docker on the server side.

Here are relevant tickets:
https://github.com/containers/podman/issues/17782

https://github.com/containers/podman/issues/14491

Best discussion of the specific problem (even if closed)
https://github.com/containers/podman/issues/7415

Below is my test configuration; ipv4 works, but ipv6 does not. This same service works with ipv6 on my Fedora machine with rootless podman:

name echo {
    image docker.io/ealen/echo-server:latest
    network podman {
    }
    port http {
        destination 80
        listen-address ::
        listen-address 0.0.0.0
        source 8080
    }
}
network podman {
    prefix FD00:172:45::/48
    prefix 172.45.0.0/16
}

In my internal tests, it works even without listen-address

set container name c1 image 'docker.io/ealen/echo-server'
set container name c1 network NET01
set container name c1 port web destination '80'
set container name c1 port web source '8080'
set container network NET01 prefix '10.0.0.0/24'
set container network NET01 prefix '2001:db8:2222::/64'
set interfaces dummy dum0 address '2001:db8:1111::1/64'
set interfaces dummy dum0 address '203.0.113.1/32'

show:

vyos@r14# run show container 
CONTAINER ID  IMAGE                               COMMAND     CREATED         STATUS             PORTS                 NAMES
270b3122ba22  docker.io/ealen/echo-server:latest              32 minutes ago  Up 32 minutes ago  0.0.0.0:8080->80/tcp  c1
[edit]
vyos@r14#

Check:

$ curl http://203.0.113.1:8080
{"host":{"hostname":"203.0.113.1","ip":"::ffff:192.168.122.1","ips":[]},"http":{"method":"GET","baseUrl":"","originalUrl":"/","protocol":"http"},"request":{"params":{"0":"/"},"query":{},"cookies":{},"body":{},"headers":{"host":"203.0.113.1:8080","user-agent":"curl/7.81.0","accept":"*/*"}},"environment":{"TERM":"xterm","container":"podman","NODE_VERSION":"18.17.1","YARN_VERSION":"1.22.19","PATH":"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","HOME":"/root","HOSTNAME":"270b3122ba22"}}

$ curl http://[2001:db8:1111::1]:8080
{"host":{"hostname":"[2001:db8:1111::1]","ip":"2001:470:71:458::1","ips":[]},"http":{"method":"GET","baseUrl":"","originalUrl":"/","protocol":"http"},"request":{"params":{"0":"/"},"query":{},"cookies":{},"body":{},"headers":{"host":"[2001:db8:1111::1]:8080","user-agent":"curl/7.81.0","accept":"*/*"}},"environment":{"TERM":"xterm","container":"podman","NODE_VERSION":"18.17.1","YARN_VERSION":"1.22.19","PATH":"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","HOME":"/root","HOSTNAME":"270b3122ba22"}}

But then I get

$ curl http://[2001:db8:1111::1]:8080
curl: (7) Failed to connect to 2001:db8:1111::1 port 8080 after 3067 ms: No route to host

Update:
After adding a link-local address, it seems to be working again

sudo ip a add fe80::18ff:65ff:fea4:1111/64 dev pod-NET01

check:

$ curl http://[2001:db8:1111::1]:8080
{"host":{"hostname":"[2001:db8:1111::1]","ip":"2001:470:71:458::1","ips":[]},"http":{"method":"GET","baseUrl":"","originalUrl":"/","protocol":"http"},"request":{"params":{"0":"/"},"query":{},"cookies":{},"body":{},"headers":{"host":"[2001:db8:1111::1]:8080","user-agent":"curl/7.81.0","accept":"*/*"}},"environment":{"TERM":"xterm","container":"podman","NODE_VERSION":"18.17.1","YARN_VERSION":"1.22.19","PATH":"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","HOME":"/root","HOSTNAME":"270b3122ba22"}}
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.