Can't connect to rootless podman container with tailscale on host

Just trying tailscale for the first time. Got four devices, four different OS’s hooked up in minutes - very impressive!

But I hit a snag.

I have a Debian server running tailscale, which I can access over the VPN via ssh, or the service running directly on port 80 (ipv4 or 6, very cool). All good.

What I can’t access is the service running in a podman rootless container, that’s exposed on the lan on 8888.

Works fine if I’m on the LAN, but over tailscale.

ss -tulp shows tcp LISTEN 0 4096 *:8888 : users:((“exe”,pid=529693,fd=12))

It’s probably in the interaction between podman rootless networking and tailscale?

Thoughts on what to try? Or any other info needed?

It works for me using rootless podman on CentOS 8.5 (Actually Rocky Linux 8.5) and the included podman 3.4.2 with Tailscale 1.24.2.
It could be an interaction between rootless networking and Tailscale, but I’d suggest eliminating other possibilities first.

  • Which version of Debian, kernel, podman, Tailscale?
  • What is your firewall setup? iptables? nftables? firewalld?
  • If you run sudo tcpdump -i tailscale0 do you see packets destined for :8888 arriving?
  • Do you have ACLs set up within Tailscale?
  • If you switch from a podman rootless container to a “rootful” container or switch from podman to Docker, does it work?

Oh my goodness.
It was the firewall.

THANK YOU for making me go back to basics and troubleshoot like it was a network issue. Being new to Tailscale I wasn’t thinking it through properly.

1 Like