Redirecting to VETH device

I am attempting to use podman to execute a container running a web server.
This works just fine, but I am unable to redirect from wan -> container.

I have tryied all possible cni network solutions, unfortunately dhcp with macvlan did not work out, since that propably had been some advancement on this..

Any of solutions did not work out.
Whether I use fw3 or fw4, it never redirects to veth device. Currently I am trying with fw4, using nftables(-json). I have built support for cni-nftables but that won't help either.. Currently I am running with ptp (point to point) setup. Very similar to bridge in general..

Let's call LAN and podman is where VETH has - container, or pod has ip does not map to even though I publish ports. Publishing won't also publish ports on ANY interface, only directly connecting to accesses..

If I locally use curl to retrieve index.html from it works just fine. When I make a redirect from WAN:80 or WAN:whatever(for e.g. 1080) to and attempt to curl from WAN ip, failure is guaranteed again. No access.

Firewall does seem to work, if I point a port to (luci) - uhttpd serves. uhttpd setup is made so that it runs only at so it won't run on other interfaces except br-lan. But all redirects to veth network fail.

my firewall setup relevant to podman is:

config zone
	option name 'podman'
	option input 'ACCEPT'
	option forward 'ACCEPT'
	option output 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	list device 'veth+'
	list subnet ''
	option family 'ipv4'

config forwarding
	option src 'lan'
	option dest 'podman'

config redirect
	option target 'DNAT'
	option name 'http'
	list proto 'tcp'
	option src 'wan'
	option src_dport '80'
	option dest_port '80'
	option dest_ip ''
	option enabled '1'

my network config does not have entry for podman, only lan and wan and zerotier vpn.

Any assitance? I am running on a recent snapshot with kernel 5.10 on x86_64.

Answering to my own question.

After a while I lost setup that gave me a working environment for podman in nftables secured network. Containers lost their connectivity to internet completely and I was not able to give back access to internet. I probably could had, but that would had been a lot of extra tinkering, so it wasn't worth it. So back to iptables (yes, iptables can be used also with nftables, but that is not the case this time).

Finally I found out the reason why it didn't work- I had set up my zone for containers to ipv4 only, as podman enables only ipv4- and that was the reason why forwarding and redirection failed as families were different.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.