Podman has networking problems

Podman is an incredible tool for local container hosting. If you don’t need a real Kubernetes cluster and just want to run a couple of containerized services, it’s the best tool: it supports pods, which Docker doesn’t, and it has more options for networking.

Except for one big problem: IPv6.

It has IPv6 support in the CNI network stack, but that support lacks features. You can’t even set up a static IPv6 address for your container or pod.

The Podman team knows about this, and in version 4 they switched the networking stack from CNI to Netavark. Unlike CNI it has no plugins, but it can do all the standard setup by itself.

Netavark works much better with IPv6, but it is missing one crucial feature: you can’t disable its iptables/nftables integration. It will inject its own rules and you can’t use yours.

Docker has an option to disable its iptables integration. With CNI, you can simply disable the firewall plugin in the network configuration.
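To make those two settings concrete, here is an added example (not code from the post or from the Podman/Docker projects) that takes a constructed CNI conflist modelled on Podman’s default network file, drops the firewall plugin entry, and builds the matching Docker daemon.json fragment with iptables management turned off. The IPv6 prefix and file names are assumptions.

```python
import copy
import json

# Constructed sample modelled on Podman's default CNI network file
# (/etc/cni/net.d/87-podman.conflist); values are illustrative.
PODMAN_CNI_CONFLIST = {
    "cniVersion": "0.4.0",
    "name": "podman",
    "plugins": [
        {"type": "bridge", "bridge": "cni-podman0", "isGateway": True,
         "ipMasq": True, "hairpinMode": True,
         "ipam": {"type": "host-local",
                  "routes": [{"dst": "0.0.0.0/0"}],
                  "ranges": [[{"subnet": "10.88.0.0/16",
                               "gateway": "10.88.0.1"}]]}},
        {"type": "portmap", "capabilities": {"portMappings": True}},
        {"type": "firewall"},   # this entry is what injects iptables rules
        {"type": "tuning"},
    ],
}


def firewall_plugins(conflist):
    """Return the types of plugins in a CNI conflist that manage host firewall rules."""
    return [p["type"] for p in conflist.get("plugins", []) if p.get("type") == "firewall"]


def strip_firewall_plugin(conflist):
    """Return a copy of the conflist with the CNI firewall plugin removed,
    so CNI stops injecting iptables/nftables rules for this network.
    The original dict is left untouched."""
    out = copy.deepcopy(conflist)
    out["plugins"] = [p for p in out["plugins"] if p.get("type") != "firewall"]
    return out


def docker_daemon_config(manual_firewall):
    """Build a minimal /etc/docker/daemon.json fragment with IPv6 enabled.
    With manual_firewall=True, "iptables": false tells dockerd not to manage
    the host's iptables rules, so you keep full control of them yourself."""
    cfg = {"ipv6": True, "fixed-cidr-v6": "fd00:db8:1::/64"}  # constructed ULA prefix
    if manual_firewall:
        cfg["iptables"] = False
    return cfg


if __name__ == "__main__":
    print(json.dumps(strip_firewall_plugin(PODMAN_CNI_CONFLIST), indent=2))
    print(json.dumps(docker_daemon_config(True), indent=2))
```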

This issue is tracked in Podman’s GitHub repository, but it seems it isn’t fixed yet.

So for now, if you want to host containers with full IPv6 support and control the iptables/nftables rules manually, it’s simpler to use Docker.


Comments

2 responses to “Podman has networking problems”

  1. Jochen Demmer

    It seems they have implemented NETAVARK_FW=none.
    Another option is to use firewalld which works in conjunction with podman and IPv6

    1. Yes. They added an option to disable FW (and it’s implemented really “hacky” in the code, by ENV variable)
