From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Y0LRSHZA; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by passt.top (Postfix) with ESMTPS id 7D2AF5A0653 for ; Mon, 22 Dec 2025 23:51:20 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1766443879; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=yIDerzWdDCh+RIEX84/aec7tkOOCTMzNd3TKNG/zvJw=; b=Y0LRSHZAcwLOdkXGsypV5+OIyPi40CjHxoRBQC45Dg2CkA745kRdhHgJo87zhM1hIdbo5f 4w0PL/MIfz4GHhVA8ws3th/iO2byZLloJVPzXVvBBGk8816ezlSmA+na6RIGKtLqiylvxg Wt9/Z6HaHM5iQJhTXNgW5Bd53+lhgOs= Received: from mail-wr1-f70.google.com (mail-wr1-f70.google.com [209.85.221.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-203-nYQFIsv8PcWqYGSHvzrO9g-1; Mon, 22 Dec 2025 17:51:17 -0500 X-MC-Unique: nYQFIsv8PcWqYGSHvzrO9g-1 X-Mimecast-MFC-AGG-ID: nYQFIsv8PcWqYGSHvzrO9g_1766443876 Received: by mail-wr1-f70.google.com with SMTP id ffacd0b85a97d-430f5dcd4d3so2495661f8f.1 for ; Mon, 22 Dec 2025 14:51:17 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1766443876; x=1767048676; h=content-transfer-encoding:mime-version:organization:references :in-reply-to:message-id:subject:cc:to:from:date:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=yIDerzWdDCh+RIEX84/aec7tkOOCTMzNd3TKNG/zvJw=; b=U8AOMvzXSUpmm/43hDlH3NRuNHxCi/QNNa0oip3g3XBJB18ERWKauGsh2gfUV/JdAD QJe68iPW5AqsCXcBXalwO8yVl3tj2vvYEdj2GIHsmtgMd3E4ns0JTFlK/xPyuMuRlTU4 CZaTnMP7tPKoQKZ2JTjWVPZ2PxxLhFAbO4QSivH4m6m5Y4q4pHyaEIwZk0zF2/GoXCyr ruqo7rmVypqnMzW2OoOrI+Q4CGiZwXjAb64RdhQ8raFZepca5GoQwhjYnNvo12j6ky7E lLpEx3ecxwuwRgE4y9cy+wsAiReyn4E/gIOaQ9OCHnOLmfYUsujWegX6UF3IZpKtEyoz l2dw== X-Gm-Message-State: AOJu0YzX6LSQJD4NJqXeqM4JKYDvKN5inX+w1UcS703DQQEVw3SdF3QG qN/ANXjBQLV4A8T56iHy10VENmKi3Godgx4Fl+ceCua0rRXMqICXxw3iLlAYwsdyOP4rSAWD3rR Thof1qp3v7kpMoGeejte+8Vd/fW7XEhHFxwb0DovaoE9XbJKh1SCbAR9+/t/yU3g= X-Gm-Gg: AY/fxX5on9ZGXKFbLkxRz58ZU4CPJUjAw6gIkWv/aJMf0tiyzAWEKj+nzH10jKNxLsh 1cXJN9U/hhdiOl4FSEy/X+K6iqPgSiKYeINLfKwcclbp2rczjHkZkK8FglKfVw4mP6yOcdR+0Eg 7o3mrUNcEKBkaZAKk6mg27/IHXZiqCE7pP33xPZrX+rYt6gvG069yPTu72kDNZoZCHMnxlltY52 xekrGue9q1+hZ3yTInHThiNlbovDQswBDnkrEdgkFg5anPWKJY/P34bu914sRDuHoiRKxmPZgCc wRBiH5YD+lxx3FfERJMDKO4yntpAvSbJ1k2NNenc0hpaXnGMA024j1ZQqqcmu5KGyvrEvczvUro s2alojqbYy1y3tt9MBuwF X-Received: by 2002:a05:6000:2389:b0:430:fe6c:b1aa with SMTP id ffacd0b85a97d-432448c9ddemr19359647f8f.26.1766443875971; Mon, 22 Dec 2025 14:51:15 -0800 (PST) X-Google-Smtp-Source: AGHT+IHoM+RC51tMwZmeA+dCV/kf6x53vkv6+kTH2gBmODfdb86lvGYMC808vyAY2SAVtxaJlUz4fw== X-Received: by 2002:a05:6000:2389:b0:430:fe6c:b1aa with SMTP id ffacd0b85a97d-432448c9ddemr19359629f8f.26.1766443875547; Mon, 22 Dec 2025 14:51:15 -0800 (PST) Received: from maya.myfinge.rs (ifcgrfdd.trafficplex.cloud. [2a10:fc81:a806:d6a9::1]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4324ea227casm24607920f8f.15.2025.12.22.14.51.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 22 Dec 2025 14:51:14 -0800 (PST) Date: Mon, 22 Dec 2025 23:51:13 +0100 From: Stefano Brivio To: Felix Rubio Subject: Re: Connecting back to the host through a dummy veth interface Message-ID: <20251222235113.7c592e54@elisabeth> In-Reply-To: <2724792.Lt9SDvczpP@altair> References: <176606116131.2775.3279769610610037541@maja> <5105334.31r3eYUQgx@altair> <20251221114722.2a613e94@elisabeth> <2724792.Lt9SDvczpP@altair> Organization: Red Hat X-Mailer: Claws Mail 4.2.0 (GTK 3.24.49; x86_64-pc-linux-gnu) MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: GcwqCQS-zufImQ0g0DzTGgtzYvHwxI950k6Exo1r1to_1766443876 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Message-ID-Hash: O3HFA3Q5KOO3S3HOVAN336SWCYF7CIIP X-Message-ID-Hash: O3HFA3Q5KOO3S3HOVAN336SWCYF7CIIP X-MailFrom: sbrivio@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-user@passt.top X-Mailman-Version: 3.3.8 Precedence: list List-Id: "For passt users: support, questions and answers" Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Sun, 21 Dec 2025 16:32:23 +0100 Felix Rubio wrote: > Something more: I see that pasta is binding to 0.0.0.0. This means that, = while=20 > allows other pods to connect to the published port of a container through= =20 > 169.254.1.2, it also enables that port to be reachable from the network. >=20 > Is there any way to prevent that? Yes, you can specify specific addresses or interfaces to bind to, relevant examples from pasta(1): -t 192.0.2.1/22 Forward local port 22, bound to 192.0.2.1, to p= ort 22 on the guest -t 192.0.2.1%eth0/22 Forward local port 22, bound to 192.0.2.1 and = in=E2=80=90 terface eth0, to port 22 -t %eth0/22 Forward local port 22, bound to any address on = in=E2=80=90 terface eth0, to port 22 Podman supports part of that as well, see podman-run(1) (--publish) or: https://github.com/containers/podman/blob/2fbecb48e166ed79662ea5e45f2d560= 81ad08d3b/test/system/505-networking-pasta.bats#L186 for a summary. --=20 Stefano