Podman container unable to connect to another container's port forward



Environment

  • Red Hat Enterprise Linux 7


Issue

  • Connecting from one container to another container running on the same host via a forwarded port fails:

    # podman create -p 5001:80/tcp --name=hello-world-a nginxdemos/hello
    # podman create -p 5002:80/tcp --name=hello-world-b nginxdemos/hello
    # podman start hello-world-a hello-world-b
    # podman exec hello-world-a wget
    Connecting to (
    index.html           100% |*******************************|  7218   0:00:00 ETA
    # podman exec hello-world-a wget
    Connecting to (


Resolution

  • Red Hat is aware of this issue and is tracking the fix in RHBZ#1703261.
  • A workaround is to manually load the br_netfilter module using modprobe br_netfilter before invoking podman. To permanently enable this workaround, please apply the following steps:

    # Load br_netfilter module
    modprobe br_netfilter
    # Ensure it's loaded on boot
    cat > /etc/modules-load.d/podman-net.conf <<EOF
    br_netfilter
    EOF
    # Setup sysctl params, these persist across reboots
    cat > /etc/sysctl.d/podman-net.conf <<EOF
    net.bridge.bridge-nf-call-iptables  = 1
    net.ipv4.ip_forward                 = 1
    net.bridge.bridge-nf-call-ip6tables = 1
    EOF
    # Load sysctl params
    sysctl --system

Root Cause

  • /proc/sys/net/bridge/bridge-nf-call-iptables is set to 0
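
The check below is an added example, not part of the original article: it audits the runtime state named under Root Cause and the two persistence files written by the workaround, and distinguishes a missing net.bridge key (br_netfilter not loaded) from a key set to 0. The function names and the optional root-prefix argument are assumptions made for this example, and it only inspects /etc/sysctl.d and /etc/modules-load.d, the directories the workaround writes to.

```shell
#!/bin/sh
# Added example, not from the original article. The root-prefix argument is a
# hypothetical convenience so the checks can run against a constructed tree.

# Print the value of dotted sysctl key $2 under root prefix $1, or "missing".
sysctl_state() {
    f="$1/proc/sys/$(printf '%s' "$2" | tr . /)"
    if [ -r "$f" ]; then tr -d ' \n' < "$f"; else printf 'missing'; fi
}

# Succeed if some *.conf in directory $1 has a non-comment line matching ERE $2.
persisted() {
    grep -Eqs "^[[:space:]]*${2}[[:space:]]*\$" "$1"/*.conf
}

# Report runtime and on-boot state; return 0 only if everything is in place.
audit_podman_net() {
    root="${1:-}"; bad=0
    for key in net.bridge.bridge-nf-call-iptables \
               net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward; do
        state=$(sysctl_state "$root" "$key")
        case "$state" in
            1) echo "ok       $key = 1" ;;
            missing) echo "MISSING  $key (for net.bridge.*: br_netfilter not loaded)"; bad=1 ;;
            *) echo "WRONG    $key = $state, expected 1"; bad=1 ;;
        esac
        # Escape the dots so the key is matched literally in the config files.
        re=$(printf '%s' "$key" | sed 's/\./\\./g')
        if ! persisted "$root/etc/sysctl.d" "${re}[[:space:]]*=[[:space:]]*1"; then
            echo "NOT-PERSISTED  $key = 1 in /etc/sysctl.d"; bad=1
        fi
    done
    if ! persisted "$root/etc/modules-load.d" "br_netfilter"; then
        echo "NOT-PERSISTED  br_netfilter in /etc/modules-load.d"; bad=1
    fi
    return "$bad"
}
# Live system: audit_podman_net        Constructed tree: audit_podman_net /path/to/tree
```
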
