Ping a Specific Port

Question

Jori Mäntysalo

Asked: 2024-01-15 19:05:33 +0800 CST2024-01-15 19:05:33 +0800 CST 2024-01-15 19:05:33 +0800 CST

Unshare and port forwarding into namespace

772

I am playing with unshare to better understand containers. As a normal user, is it possible to make a namespace where a program could listen, say, port 123 and on the "main" namespace a port 1234 would be redirected to it?

I guess it should be, as Podman is rootless container engine and can do it. Looking man veth did not help.

1 Answers

Voted

larsks · Answer 1 · 2024-01-15T22:40:31+08:00

Best Answer

larsks

2024-01-15T22:40:31+08:002024-01-15T22:40:31+08:00

Podman works by using slirp4netns to manage a tap device inside the unprivileged container. From the README for slirp4netns:

Starting with Linux 3.8, unprivileged users can create network_namespaces(7) along with user_namespaces(7). However, unprivileged network namespaces had not been very useful, because creating veth(4) pairs across the host and network namespaces still requires the root privileges. (i.e. No internet connection)

slirp4netns allows connecting a network namespace to the Internet in a completely unprivileged way, by connecting a TAP device in a network namespace to the usermode TCP/IP stack ("slirp").

In order to achieve your goal, you would need to do something similar.

1

Unshare and port forwarding into namespace

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?