On Thu, 28 Nov 2024 20:21:23 -0500
Jon Maloy <jmaloy(a)redhat.com> wrote:

> I am even questioning if it is necessary: If the port is bound on the
> host, the client only needs to use some of the non-loopback addresses
> on the host to reach it via the tap interface.

The same applies to inbound traffic by the way, as I mentioned: just
use a non-loopback address in the namespace/guest to reach it via the
tap interface:

  $ { sleep 1; : | nc -4 -N passt.top 9999; } & ./pasta -q --config-net -p nc.pcap -t 9999 -- nc -q1 -l 9999
  [1] 2052460
  [1]+ Done { sleep 1; : | nc -4 -N passt.top 9999; }
  $ tshark -r nc.pcap ip
  8 0.968929 88.198.0.161 → 88.198.0.164 TCP 62 55898 → 9999 [SYN] Seq=0 Win=65535 Len=0 MSS=61440 WS=256
  11 0.968967 88.198.0.164 → 88.198.0.161 TCP 62 9999 → 55898 [SYN, ACK] Seq=0 Ack=1 Win=65480 Len=0 MSS=65480 WS=4096
  12 0.969000 88.198.0.161 → 88.198.0.164 TCP 54 55898 → 9999 [ACK] Seq=1 Ack=1 Win=65536 Len=0
  13 0.969017 88.198.0.161 → 88.198.0.164 TCP 54 55898 → 9999 [FIN, ACK] Seq=1 Ack=1 Win=65536 Len=0
  14 0.969063 88.198.0.164 → 88.198.0.161 TCP 54 9999 → 55898 [FIN, ACK] Seq=1 Ack=2 Win=65536 Len=0
  15 0.969118 88.198.0.161 → 88.198.0.164 TCP 54 55898 → 9999 [ACK] Seq=2 Ack=2 Win=65536 Len=0

...that is, I guess that you or David find this convenient, but
strictly speaking, it's also unnecessary (actually, I won't use it
myself, because it's more typing).

-- 
Stefano