Home / server / Questions / 1131478
Accepted
chutz
Asked: 2023-05-19 06:01:56 +0800 CST

How to configure a podman container to let it communicate with the host as well?

  • 772

Is it possible to...

  • run a container with podman
  • which has an IP on the same subnet that the host is on
  • is accessible from every other host on the subnet
  • including the host itself?

I had partial success using both a macvlan and ipvlan drivers - I am able to run a container, give it an IP address, and this IP is then accessible from every other host on the network.

However, I cannot access to or from the host running the container.

I even tried with the latest versions of podman, netavark, cni-plugins built from source, which enabled the ipvlan driver with the same outcome.

I would prefer a pointer to a guide describing how to accomplish this, though troubleshooting advice is welcome, too.

networking

2 Answers

  1. Best Answer

    To do this, I only had to add an extra ipvlan interface on the host which allowed me to talk into the containers if podman also uses ipvlan.

    • Specify the network that the hosts will access this container from. E.g., 10.0.0.0/16
    • Allocate a subnet to use in the containers. Better if it is a subnet of my home network. E.g., 10.0.99.0/24. This subnet should be dedicated to the containers on this host.
    • Create an ipvlan podman network to use with the containers. It will be the same subnet as the host network, but IP allocation should be defined from the smaller subnet. E.g.:
    sudo podman network create -d ipvlan --subnet 10.0.0.0/16 --ip-range 10.0.99.0/24 --ipam-driver host-local podnet
    • Create a host IPVlan interface and assign it an IP address from the container network. E.g., 10.0.99.1. This is the interface the host can use to talk to the containers.
    • Update the podman network to skip the IP address used by the host: sudo vim /etc/cni/net.d/podnet.conflist and change rangeStart from 10.0.99.1 to 10.0.99.2.

    To create the ipvlan interface with systemd, I had to

    1. Add a IPVLAN = podnet to the [Network] section of the file defining my host network interface, which will create a podnet network interface plugged to the parent.
    2. Create configuration for the interface:
    cat > /etc/systemd/network/podnet.netdev <<EOF
[NetDev]
Name = podnet
Kind = ipvlan
EOF
cat > /etc/systemd/network/podnet.network <<EOF
[Match]
Name = podnet
[Network]
IPForward = yes
Address = 10.0.99.1/24
EOF

    In all fairness, the same approach worked with macvlan instead of ipvlan, but parts of my network were unable to reach the host with the MACVlan interface, so I switched to IPVlan for better interoperability.

    Another issue I faced was due to podman defaulting to netavark, and netavark IPVlan support is only available in podman 4.5+, while I was still on 4.3. Switching the network backend to cni fixed this problem.

    cat > /etc/containers/containers.conf <<EOF
[network]
network_backend = "cni"
EOF
    • 1

  2. Not exactly what you asked, but you can quite simple share the same IP address as the host, read along to see if its of any help for you:

    What you need to do is add to podman run the --network=host This essentially mean that you share the same network stack with the host machine, so you should take into account the following:

    • you cannot use the same listening ports as the host. so for example - if you run a server as port 80, the host can't do it.
    • your container can access local (127.0.0.1) services on the host and vice versa. basically, you are way less "contained" this way. this has is pros and cons, make sure you know what you are doing.
    • 0