Port forwarding doesn't work for non-127.0.0.1 localhost #3539

Open
matthew-nichols opened this issue Oct 14, 2024 · 0 comments
Labels: area/network, area/rootless (Rootless mode), bug (Something isn't working)

Description

nerdctl run --rm -p 127.0.0.2:8080:80 nginx does not work as expected:

$ curl 127.0.0.2:8080
curl: (56) Recv failure: Connection reset by peer

nerdctl run --rm -p 127.0.0.1:8080:80 nginx does work, and outputs the appropriate nginx welcome page from curl 127.0.0.1:8080

Can confirm (on another Linux box) that the same functionality (listen on 127.0.0.2:8080) works in rootless Podman.

Note: the output for nerdctl port in general seems reversed to what I would expect, but contains the right address:

$ nerdctl port nginx
80/tcp -> 127.0.0.2:8080
$ nerdctl port nginx
80/tcp -> 127.0.0.1:8080

ss also confirms something is listening on the right address:

$ sudo ss -tupln | grep 8080
tcp   LISTEN 0      4096            127.0.0.2:8080       0.0.0.0:*    users:(("rootlesskit",pid=1820,fd=30))

Steps to reproduce the issue

1. Install and set up rootless nerdctl
2. Run nerdctl run --rm -p 127.0.0.2:8080:80 nginx
3. Attempt curl 127.0.0.2:8080
4. Get reset by peer

Describe the results you received and expected

Received: reset by peer
Expected: to be connected to the service in the container

What version of nerdctl are you using?

nerdctl version 2.0.0-rc.2, rootless, Linux (Pop!_OS 22.04 LTS), install from tar

Are you using a variant of nerdctl? (e.g., Rancher Desktop)

None

Host information

$ nerdctl info
Client:
 Namespace:	default
 Debug Mode:	false

Server:
 Server Version: v2.0.0-rc.4
 Storage Driver: overlayfs
 Logging Driver: json-file
  Cgroup Driver:  : systemd
  Cgroup Version: : 2
 Plugins:
  Log:     fluentd journald json-file syslog
  Storage: native overlayfs stargz
 Security Options:
  apparmor
  seccomp
   Profile:	builtin
  cgroupns
  rootless
 Kernel Version:   6.9.3-76060903-generic
 Operating System: Pop!_OS 22.04 LTS
 OSType:           linux
 Architecture:     x86_64
 CPUs:             16
 Total Memory:     30.56GiB
 Name:             hostname
 ID:               2eb24a77-0449-485d-b84a-e18aca278b1e

WARNING: AppArmor profile "nerdctl-default" is not loaded.
         Use 'sudo nerdctl apparmor load' if you prefer to use AppArmor with rootless mode.
         This warning is negligible if you do not intend to use AppArmor.
WARNING: No cpu cfs period support
WARNING: No cpu cfs quota support
WARNING: No cpu shares support
WARNING: No cpuset support
WARNING: IPv4 forwarding is disabled
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

matthew-nichols added the kind/unconfirmed-bug-claim (Unconfirmed bug claim) label Oct 14, 2024
AkihiroSuda added the bug (Something isn't working), area/rootless (Rootless mode) and area/network labels and removed the kind/unconfirmed-bug-claim (Unconfirmed bug claim) label Oct 15, 2024
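
The symptom reported above (a listener on the exact loopback address, yet curl exit 56) can be told apart from a missing or mis-bound listener with a small triage script. This is an added example, not part of the original report or of nerdctl; the function names are hypothetical and the sample line is the ss output copied from the report.

```shell
#!/bin/sh
# Added triage sketch. Function names are hypothetical, not nerdctl tooling.
# Live use:  curl -s -o /dev/null 127.0.0.2:8080; rc=$?
#            sudo ss -tupln | classify 127.0.0.2:8080 "$rc"

# Sample input: the ss line quoted in the report above.
SAMPLE_SS='tcp   LISTEN 0      4096            127.0.0.2:8080       0.0.0.0:*    users:(("rootlesskit",pid=1820,fd=30))'

# listener_owner ADDR:PORT   (reads `ss -tupln` output on stdin)
# Prints the process holding a LISTEN socket on exactly ADDR:PORT.
# The match is exact on purpose: a socket on 0.0.0.0:PORT or 127.0.0.1:PORT
# is a different exposure than the requested loopback address.
# Returns 1 when no such listener exists.
listener_owner() {
    awk -v want="$1" '
        $2 == "LISTEN" && $5 == want {
            if (match($0, /users:\(\("[^"]+"/)) {
                s = substr($0, RSTART, RLENGTH)
                sub(/^users:\(\("/, "", s)
                sub(/"$/, "", s)
                print s
            } else {
                # ss run without privileges omits the process column
                print "unknown"
            }
            found = 1
            exit
        }
        END { if (!found) exit 1 }'
}

# classify ADDR:PORT CURL_EXIT   (reads `ss -tupln` output on stdin)
# Combines the listener check with curl's exit status:
#   56 = curl received a failure while reading (e.g. reset by peer),
#        which means the TCP connect itself succeeded.
classify() {
    if owner=$(listener_owner "$1"); then
        case "$2" in
            0)  echo "ok: $owner serves $1" ;;
            56) echo "listener-but-reset: $owner holds $1, connect succeeded then reset" ;;
            *)  echo "listener-present: $owner holds $1, curl exit $2" ;;
        esac
    else
        echo "no-listener: nothing bound to exactly $1"
    fi
}
```

On the report's data, the result is `listener-but-reset`, i.e. the host-side socket exists on 127.0.0.2 and the failure lies behind it.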