Unable to expose container ports when running rootless containers


Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 9
  • podman

Issue

  • When a rootless container is run with port mapping, it is not accessible on the host port:
$ podman run -itd -p 8085:8080 registry.access.redhat.com/ubi8/nginx-122
9d998b8b1b494ad100acc87c113052096f37c8e570e347a2995c73edfa7329cc

$ curl localhost:8085
curl: (7) Failed to connect to localhost port 8085: Connection refused

Resolution

  • This is probably caused by firewall rules (assuming everything else on the host is working correctly).
  • When a container is run by a rootless user with port mapping, the host port needs to be added to the firewall so that the container is accessible on that port. Run firewall-cmd --add-port xxx/tcp as the root user (or as a privileged user) to add the port to the list of allowed ports.
  • The container (the nginx web page in this example) is then accessible on the port with no errors.
  • This is not the case for root users: when the port is mapped as the root user (or with sudo), the ports are automatically added to the firewall and are accessible by default, with no manual changes needed.
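
To open only the ports that are actually published rather than a wider set, the following script (an added example, not part of the original article or of podman) compares `podman port <container>` output with `firewall-cmd --list-ports` output and prints the `firewall-cmd --add-port` commands still needed. The function names and sample data are constructed for illustration, and it assumes the firewall lists ports individually, not as ranges.

```shell
#!/bin/sh
# Added example: find host ports published by a rootless container that are
# not yet allowed in the firewall, and print the command to allow each one.
# Live inputs: `podman port <container>` (as the rootless user) and
#              `firewall-cmd --list-ports` (as root).

# host_ports: read `podman port <container>` output on stdin and print
# "<hostport>/<proto>". Input lines look like: 8080/tcp -> 0.0.0.0:8085
host_ports() {
    awk '$2 == "->" { split($1, c, "/"); n = split($3, h, ":");
                      print h[n] "/" c[2] }' | sort -u
}

# missing_ports PUBLISHED ALLOWED: print published ports absent from ALLOWED.
# ALLOWED is the space-separated output of `firewall-cmd --list-ports`.
missing_ports() {
    for p in $1; do
        case " $2 " in
            *" $p "*) ;;                 # already allowed, nothing to do
            *) printf '%s\n' "$p" ;;     # published but not allowed
        esac
    done
}

# firewall_commands PODMAN_PORT_OUTPUT ALLOWED: print one command per gap.
firewall_commands() {
    published=$(printf '%s\n' "$1" | host_ports)
    for p in $(missing_ports "$published" "$2"); do
        printf 'firewall-cmd --add-port %s\n' "$p"
    done
}

# Constructed sample data; the first mapping matches -p 8085:8080 above.
SAMPLE_PODMAN='8080/tcp -> 0.0.0.0:8085
8443/tcp -> 0.0.0.0:8443'
SAMPLE_ALLOWED='8443/tcp 9090/tcp'

firewall_commands "$SAMPLE_PODMAN" "$SAMPLE_ALLOWED"
```

The script only prints the commands; review them and run them as root.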

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
