robbertkl / docker-ipv6nat

Extend Docker with IPv6 NAT, similar to IPv4

Is there any plan to support podman/crio?

deshui123 opened this issue · comments

When using podman/crio instead of docker, this way can't work well for pure IPv6.

There is no docker0 interface and no DOCKER-related ip6tables chains.

When running this container, I get the following issue:
2020/01/14 06:21:10 running [/sbin/iptables -t nat -C OUTPUT -m addrtype --dst-type LOCAL -j DOCKER --wait]: exit status 2: iptables v1.8.3 (legacy): Couldn't load target `DOCKER':No such file or directory

Platform: CentOS8

[root@henry-1921-cs-01 ~]# ip a s cni0
4: cni0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 96:1c:1d:bc:a7:60 brd ff:ff:ff:ff:ff:ff
inet6 fd00:4::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::941c:1dff:febc:a760/64 scope link
valid_lft forever preferred_lft forever

[root@henry-1921-cs-01 ~]# podman info
host:
BuildahVersion: 1.6-dev
Conmon:
package: Unknown
path: /usr/libexec/crio/conmon
version: 'conmon version 2.0.1, commit: HEAD'
Distribution:
distribution: '"centos"'
version: "8"
MemFree: 6477934592
MemTotal: 8191897600
OCIRuntime:
package: containerd.io-1.2.10-3.2.el7.x86_64
path: /usr/bin/runc
version: |-
runc version 1.0.0-rc8+dev
commit: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
spec: 1.0.1-dev
SwapFree: 0
SwapTotal: 0
arch: amd64
cpus: 4
hostname: henry-1921-cs-01
kernel: 4.18.0-80.11.2.el8_0.x86_64
os: linux
rootless: false
uptime: 7h 7m 26.76s (Approximately 0.29 days)
insecure registries:
registries: []
registries:
registries:

- registry.redhat.io
- quay.io
- docker.io
store:
ConfigFile: /etc/containers/storage.conf
ContainerStore:
number: 0
GraphDriverName: overlay
GraphOptions: null
GraphRoot: /data0/storage
GraphStatus:
Backing Filesystem: extfs
Native Overlay Diff: "true"
Supports d_type: "true"
Using metacopy: "false"
ImageStore:
number: 2
RunRoot: /var/run/containers/storage

[root@henry-1921-cs-01 ~]# ip6tables -nvL
.....
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 CNI-FORWARD all * * ::/0 ::/0 /* CNI firewall plugin rules */

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain CNI-FORWARD (1 references)
pkts bytes target prot opt in out source destination
0 0 CNI-ADMIN all * * ::/0 ::/0 /* CNI firewall plugin rules */

Chain CNI-ADMIN (1 references)
pkts bytes target prot opt in out source destination

Currently, there are no plans to support podman / crio. The scope of the project is to mirror Docker IPv4 NAT behavior. I'm not very familiar with podman / crio, but if it's doing its networking in a different way than Docker does, it won't be feasible to support it in this tool.
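
An added example (not part of the issue thread or of docker-ipv6nat's code): a preflight check that reads an ip6tables listing and reports whether the DOCKER chain named in the failing rule check exists, or whether only CNI chains are present. The function names and the Docker-style sample listing are assumptions made for illustration; the CNI chain names come from the output in the issue.

```shell
#!/bin/sh
# Added example, not part of docker-ipv6nat: classify which container
# networking stack owns the chains in an ip6tables/iptables listing.
# Live use (needs root): ip6tables -nvL | classify_runtime

# Print each chain name from a listing on stdin. Accepts "Chain NAME (...)"
# headers (-L output) and "-N NAME" / "-P NAME" lines (-S output).
list_chains() {
    awk '$1 == "Chain" || $1 == "-N" || $1 == "-P" { print $2 }' | sort -u
}

# Print "docker", "cni", "both" or "none" for the listing on stdin.
classify_runtime() {
    docker=0; cni=0
    for chain in $(list_chains); do
        case "$chain" in
            DOCKER|DOCKER-*) docker=1 ;;
            CNI-*)           cni=1 ;;
        esac
    done
    case "$docker$cni" in
        11) echo both ;;
        10) echo docker ;;
        01) echo cni ;;
        *)  echo none ;;
    esac
}

# Exit status 0 only when a chain named exactly DOCKER exists, which is the
# jump target the failing rule check in the issue needed.
has_docker_chain() {
    list_chains | grep -qx 'DOCKER'
}

# Chain headers copied from the issue's ip6tables -nvL output.
CNI_LISTING='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
Chain CNI-FORWARD (1 references)
Chain CNI-ADMIN (1 references)'

# Constructed sample in -S format for a Docker host (not from the issue).
DOCKER_LISTING='-P FORWARD DROP
-N DOCKER
-N DOCKER-USER
-A FORWARD -j DOCKER-USER'

printf '%s\n' "$CNI_LISTING" | classify_runtime      # podman/CNI host
printf '%s\n' "$DOCKER_LISTING" | classify_runtime   # Docker host
```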