Page MenuHomeVyOS Platform

Containers allow publish IPv6 address port
Closed, ResolvedPublicFEATURE REQUEST

Description

Add the ability to publish IPv6 addresses/ports

-p [::]:8080:80

Proposed configuration option ipv6

set container name busybox port web source 8080
set container name busybox port web destination 8

set container name busybox port web ipv6

Details

Version
-
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Feature (new functionality)

Event Timeline

That CLI node ipv6 only implements a minor subset of the entire featureset of port forwarding.

We should rather specify:

set container name <name> port <service-name> source <port>
set container name <name> port <service-name> destination <port>
set container name <name> port <service-name> listen-address

listen-address should allow any IPv4/IPv6 address and should be able to be specified multiple times (check if this is supported in podman)

It seems that only one address could be set

--publish, -p=[[ip:][hostPort]:]containerPort[/protocol]

https://docs.podman.io/en/latest/markdown/podman-create.1.html#publish-p-port

Update
it possible this way

vyos@r14# sudo podman run --rm -it --name foo  --net NET01 -p 192.0.2.1:8080:80 -p 192.168.122.14:8080:80 -p [2001:db8:1111::1]:8080:80 busybox
/ # 


vyos@r14# sudo podman port -l
80/tcp -> 192.0.2.1:8080
80/tcp -> 192.168.122.14:8080
80/tcp -> 2001:db8:1111::1:8080
[edit]
vyos@r14#
Viacheslav changed the task status from Open to In progress.Aug 23 2023, 11:57 AM
Viacheslav claimed this task.
Viacheslav changed the task status from In progress to Needs testing.Aug 23 2023, 8:16 PM

Thanks for adding the "listen-address" configuration option, unfortunately that alone may not be enough to make ipv6 services work on rootful podman. I didn't realize this since I primarily use rootless podman on my Fedora and SuSE machines or docker on the server side.

Here are relevant tickets:
https://github.com/containers/podman/issues/17782

https://github.com/containers/podman/issues/14491

Best discussion of the specific problem (even if closed)
https://github.com/containers/podman/issues/7415

Below is my test configuration, ipv4 works, but ipv6 does not. This same service works with ipv6 on my Fedora machine with rootless podman:

name echo {
    image docker.io/ealen/echo-server:latest
    network podman {
    }
    port http {
        destination 80
        listen-address ::
        listen-address 0.0.0.0
        source 8080
    }
}
network podman {
    prefix FD00:172:45::/48
    prefix 172.45.0.0/16
}

In my internal tests, it works even without listen-address

set container name c1 image 'docker.io/ealen/echo-server'
set container name c1 network NET01
set container name c1 port web destination '80'
set container name c1 port web source '8080'
set container network NET01 prefix '10.0.0.0/24'
set container network NET01 prefix '2001:db8:2222::/64'
set interfaces dummy dum0 address '2001:db8:1111::1/64'
set interfaces dummy dum0 address '203.0.113.1/32'

show:

vyos@r14# run show container 
CONTAINER ID  IMAGE                               COMMAND     CREATED         STATUS             PORTS                 NAMES
270b3122ba22  docker.io/ealen/echo-server:latest              32 minutes ago  Up 32 minutes ago  0.0.0.0:8080->80/tcp  c1
[edit]
vyos@r14#

Check:

$ curl http://203.0.113.1:8080
{"host":{"hostname":"203.0.113.1","ip":"::ffff:192.168.122.1","ips":[]},"http":{"method":"GET","baseUrl":"","originalUrl":"/","protocol":"http"},"request":{"params":{"0":"/"},"query":{},"cookies":{},"body":{},"headers":{"host":"203.0.113.1:8080","user-agent":"curl/7.81.0","accept":"*/*"}},"environment":{"TERM":"xterm","container":"podman","NODE_VERSION":"18.17.1","YARN_VERSION":"1.22.19","PATH":"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","HOME":"/root","HOSTNAME":"270b3122ba22"}}sever@sever:~$ 
$ 
$ curl http://[2001:db8:1111::1]:8080
{"host":{"hostname":"[2001:db8:1111::1]","ip":"2001:470:71:458::1","ips":[]},"http":{"method":"GET","baseUrl":"","originalUrl":"/","protocol":"http"},"request":{"params":{"0":"/"},"query":{},"cookies":{},"body":{},"headers":{"host":"[2001:db8:1111::1]:8080","user-agent":"curl/7.81.0","accept":"*/*"}},"environment":{"TERM":"xterm","container":"podman","NODE_VERSION":"18.17.1","YARN_VERSION":"1.22.19","PATH":"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","HOME":"/root","HOSTNAME":"270b3122ba22"}}

But then I get

$ curl http://[2001:db8:1111::1]:8080
curl: (7) Failed to connect to 2001:db8:1111::1 port 8080 after 3067 ms: No route to host

Update:
After adding link-local address it seems to be working again

sudo ip a add fe80::18ff:65ff:fea4:1111/64 dev pod-NET01

check:

$ curl http://[2001:db8:1111::1]:8080
{"host":{"hostname":"[2001:db8:1111::1]","ip":"2001:470:71:458::1","ips":[]},"http":{"method":"GET","baseUrl":"","originalUrl":"/","protocol":"http"},"request":{"params":{"0":"/"},"query":{},"cookies":{},"body":{},"headers":{"host":"[2001:db8:1111::1]:8080","user-agent":"curl/7.81.0","accept":"*/*"}},"environment":{"TERM":"xterm","container":"podman","NODE_VERSION":"18.17.1","YARN_VERSION":"1.22.19","PATH":"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","HOME":"/root","HOSTNAME":"270b3122ba22"}}
Viacheslav moved this task from Open to Finished on the VyOS 1.4 Sagitta board.