Hi; I previously asked this on the Podman mailing list, but I'm not sure if the issue in question is a feature of Podman or Passt (or both), and I got no replies from the Podman list, so I figured I'd try here as well.

We're running some rootless Podman containers set up to use Pasta 2023_03_29.b10b983 for networking. One of the containers needs to access the host machine port 443 with its public IP address, but this causes a Connection Refused error. Any other public IP is accessible normally.

This is specific to the containers; the host has no problem accessing itself with the public IP.

The containers are set up with systemd generators (quadlet), with networking configured very simply:


Podman has a --map-gw option useable with Pasta that seemed like it might help, but it didn't.

"Network=pasta:--map-gw,-t,auto,-T,auto" fails like this at container startup:

  Error: failed to start pasta:
  Port forwarding mode 'none' conflicts with previous mode

"Network=pasta:-t,auto,-T,auto,--map-gw" started the container fine, but did not fix the Connection Refused error. Apparently --map-gw just isn't the right option here.

I don't know if the inability to contact the public IP is a feature of Podman or Pasta, but I'm hoping you're able to at least narrow it down for me.

Is there a workaround on the Pasta side?

Thanks in advance!

- JK Laiho