Date: Sat, 20 Dec 2025 15:12:24 +0100
From: Stefano Brivio
To: Felix Rubio
CC: passt-user@passt.top
Subject: Re: Connecting back to the host through a dummy veth interface
Message-ID: <20251220151224.1cc7c5cc@elisabeth>
In-Reply-To: <176606116131.2775.3279769610610037541@maja>

Hi Felix,

On Thu, 18 Dec 2025 13:32:36 +0100
Felix Rubio wrote:

> Hi everybody,
>
> I am trying to run a number of rootless podman pods and containers by different
> users, while still being able to talk to each other. To this end I am creating
> a dummy veth interface and publishing all the exposed ports there (this works:
> I can communicate from other host services with those containers), and I am
> also trying to set that dummy veth interface as the default gateway for the
> pods/containers (with the expectation that then they will be able to reach
> each other). However, this is not working... and I am pretty lost.
>
> For example, I am running the following command, trying to connect a ldap
> client container to a ldap server container, unsuccessfully.
>
> podman run --rm --dns=10.255.255.1 --network=pasta:--outbound-if4=cluster_dns0,--gateway=10.255.255.1 --add-host=ldap.host.internal:host-gateway sh -c "ip add && ip route && ldapwhoami -H ldaps://ldap.host.internal:1636"
>
> Is this something impossible to do, or am I doing something wrong?

Sorry, I'm a bit swamped at the moment, and I plan to get back to you
in a bit, but meanwhile, I think the dummy veth trick is unnecessarily
complicated.

I think you could simply connect "to the host" and redirect from there
to the containers by means of mapped ports. See:

  https://blog.podman.io/2024/10/podman-5-3-changes-for-improved-networking-experience-with-pasta/

for a couple of details. But I'll try to come up with a full example
next.

--
Stefano