Hi,
I'd like to propose a new option for passt, working title --no-map-host,
as a complement to the existing --no-map-gw.
The gap
--no-map-gw prevents the guest from reaching host loopback services via
the gateway address mapping, which is useful. However, there is
currently no mechanism to prevent the guest from reaching services bound
to the host's real external address (e.g. 0.0.0.0:22).
Because passt proxies outbound guest connections as the host user, a
connection from the guest to the host's own external IP is transparently
forwarded — passt opens the socket on the host side and the connection
succeeds. From the perspective of the service being connected to (e.g.
sshd), it appears as a local connection.
A concrete example with a typical setup:
passt -t 2222 --no-map-gw --vhost-user --socket /tmp/passt-vm
ss -tulpn shows:
tcp LISTEN 0.0.0.0:22 sshd
From inside the guest, a compromised or untrusted workload can reach
sshd directly:
ssh user@192.168.1.x # host's external IP, connection succeeds
This also enables VM-to-VM lateral movement when multiple guests share
the same host: each guest can reach the others' forwarded ports via the
host's external IP.
The operator has no indication this is happening. Services bound to
0.0.0.0 are generally considered "LAN-exposed" rather than
"VM-guest-exposed", and this assumption is silently violated.
Proposed option
--no-map-host, which would cause passt to drop or reject TCP/UDP
connections from the guest whose destination matches any of the host's
own configured addresses (the same addresses passt already knows about
for DHCP/NDP assignment purposes).
An alternative spelling --map-host-addr none modelled on
--map-host-loopback none would also be consistent with the existing
option naming.
This would stay entirely within passt's existing socket-layer design and
require no new privileges.
Why this matters for rootless setups
The primary audience for passt is rootless VM deployments where
TAP+bridge (the traditional isolation mechanism) is not available
without privilege. In these setups, passt is the only network layer, so
operators rely on it to provide whatever isolation is possible.
--no-map-gw is a good step in that direction; --no-map-host would close
the remaining obvious gap.
Happy to discuss or test patches. Thanks for the project — it's been
very useful.
Best,
baleti
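As an added example (not passt's own code, and not part of the message above): a small C model of the destination check the proposed --no-map-host option would make, i.e. drop a guest-originated flow whose destination is one of the host's own configured addresses. The host address list and the 192.168.1.10 / fd00::10 values are constructed, and the function names are hypothetical; IPv4 addresses are stored v4-mapped so that a dual-stack socket's ::ffff:a.b.c.d form matches the same entry.

```c
/* Added example, not passt code: model of a --no-map-host destination check.
 * Host addresses are kept as IPv6 (IPv4 stored as ::ffff:a.b.c.d) so one
 * comparison covers both families and the v4-mapped dual-stack form. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <string.h>

#define MAX_HOST_ADDRS 16

struct host_addrs {
    struct in6_addr a[MAX_HOST_ADDRS];
    int n;
};

/* Parse "a.b.c.d" or "x::y"; IPv4 becomes the v4-mapped IPv6 form. */
static bool parse_addr(const char *s, struct in6_addr *out)
{
    struct in_addr v4;

    if (inet_pton(AF_INET6, s, out) == 1)
        return true;
    if (inet_pton(AF_INET, s, &v4) != 1)
        return false;
    memset(out, 0, sizeof(*out));
    out->s6_addr[10] = 0xff;
    out->s6_addr[11] = 0xff;
    memcpy(&out->s6_addr[12], &v4, sizeof(v4));
    return true;
}

/* Record one host-configured address (hypothetical helper); false if full or invalid. */
bool host_addrs_add(struct host_addrs *h, const char *s)
{
    if (h->n >= MAX_HOST_ADDRS || !parse_addr(s, &h->a[h->n]))
        return false;
    h->n++;
    return true;
}

/* Verdict for a guest flow to dst: true means drop/reject under --no-map-host.
 * An unparsable destination is treated as a drop (fail closed). */
bool no_map_host_drop(const struct host_addrs *h, const char *dst)
{
    struct in6_addr d;

    if (!parse_addr(dst, &d))
        return true;
    for (int i = 0; i < h->n; i++)
        if (memcmp(&h->a[i], &d, sizeof(d)) == 0)
            return true;
    return false;
}
```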