Windows host is unreachable from inside container or podman machine #25152

Open
maxirass opened this issue Jan 29, 2025 · 0 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. machine network Networking related issue or feature remote Problem is in podman-remote windows issue/bug on Windows

maxirass commented Jan 29, 2025

Issue Description

I am trying to reach my host from a container (which I use for openapi-generator).
I have already tried different flags and settings.
I cannot access the swagger api on localhost:5001 with either host.containers.internal or --network=host.
If I execute ps auxww | grep pasta in the podman-machine-default:

user         626  0.0  0.0  68476 24308 ?        Ss   10:48   0:00 /usr/bin/pasta --config-net --dns-forward 169.254.1.1 -t none -u none -T none -U none --no-map-gw --quiet --netns /run/user/1000/netns/netns-ef11a5a8-056d-9e22-cfdc-83fa701bceae --map-guest-addr 169.254.1.2
user         734  0.0  0.0   3952  1880 pts/1    S+   10:56   0:00 grep --color=auto pasta

I start an alpine container:
podman run --rm -it alpine sh

Then these are the following outputs:

Image

This is the ip route output inside the podman machine:

ip route
default via 172.29.32.1 dev eth0 proto kernel
172.29.32.0/20 dev eth0 proto kernel scope link src 172.29.37.89

I have the problem with Podman v 5.0.0 / 5.3.0 and 5.3.x

The only thing that has worked so far is using
networkingMode=mirrored in the .wslconfig
and starting the container with --network=host.
Then I can access the swagger api directly with localhost or 127.0.0.1. However, this causes other problems with my DB, which is why this is not an option!

Steps to reproduce the issue

  1. Create default podman machine
  2. Create standard alpine container and install curl
  3. Some service, like swagger api, is running on the host, e.g. localhost:5001 or 127.0.0.1:5001
  4. Try to curl the swagger.json file

Describe the results you received

From inside the container!

 curl -v https://host.containers.internal:5001/swagger/v1/swagger.json
* Host host.containers.internal:5001 was resolved.
* IPv6: (none)
* IPv4: 169.254.1.2
*   Trying 169.254.1.2:5001...
* connect to 169.254.1.2 port 5001 from 172.29.37.89 port 42238 failed: Operation timed out
* Failed to connect to host.containers.internal port 5001 after 131710 ms: Could not connect to server
* closing connection #0
curl: (28) Failed to connect to host.containers.internal port 5001 after 131710 ms: Could not connect to server

or

nslookup host.containers.internal
Server:         169.254.1.1
Address:        169.254.1.1:53

** server can't find host.containers.internal: SERVFAIL

** server can't find host.containers.internal: SERVFAIL

but when I ping:

ping host.containers.internal:5001
PING host.containers.internal:5001 (169.254.1.2): 56 data bytes
64 bytes from 169.254.1.2: seq=0 ttl=42 time=0.974 ms
64 bytes from 169.254.1.2: seq=1 ttl=42 time=0.445 ms
64 bytes from 169.254.1.2: seq=2 ttl=42 time=0.449 ms

Describe the results you expected

Host service, like a swagger api, should be reachable from inside the container via
host.containers.internal

Output should be similar to the curl command from the Windows host (PowerShell):

 curl -v https://localhost:5001/swagger/v1/swagger.json
* Host localhost:5001 was resolved.
* IPv6: ::1
* IPv4: 127.0.0.1
*   Trying [::1]:5001...
* Connected to localhost (::1) port 5001
* schannel: disabled automatic use of client certificate
* ALPN: curl offers http/1.1
* ALPN: server accepted http/1.1
* using HTTP/1.x
> GET /swagger/v1/swagger.json HTTP/1.1
> Host: localhost:5001
> User-Agent: curl/8.9.1
> Accept: */*

podman info output

host:
  arch: amd64
  buildahVersion: 1.38.0
  cgroupControllers: []
  cgroupManager: cgroupfs
  cgroupVersion: v1
  conmon:
    package: conmon-2.1.12-2.fc40.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.12, commit: '
  cpuUtilization:
    idlePercent: 99.62
    systemPercent: 0.25
    userPercent: 0.13
  cpus: 12
  databaseBackend: sqlite
  distribution:
    distribution: fedora
    variant: container
    version: "40"
  eventLogger: journald
  freeLocks: 2048
  hostname: PASO-070
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 524288
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 524288
      size: 65536
  kernel: 5.15.167.4-microsoft-standard-WSL2
  linkmode: dynamic
  logDriver: journald
  memFree: 41296322560
  memTotal: 42063781888
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.13.1-1.fc40.x86_64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.13.1
    package: netavark-1.13.1-1.fc40.x86_64
    path: /usr/libexec/podman/netavark
    version: netavark 1.13.1
  ociRuntime:
    name: crun
    package: crun-1.19.1-1.fc40.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.19.1
      commit: 3e32a70c93f5aa5fea69b50256cca7fd4aa23c80
      rundir: /run/user/1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-0^20241211.g09478d5-1.fc40.x86_64
    version: |
      pasta 0^20241211.g09478d5-1.fc40.x86_64
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: true
    path: unix:///run/user/1000/podman/podman.sock
  rootlessNetworkCmd: pasta
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: true
  slirp4netns:
    executable: ""
    package: ""
    version: ""
  swapFree: 32212254720
  swapTotal: 32212254720
  uptime: 0h 7m 16.00s
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - docker.io
store:
  configFile: /home/user/.config/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/user/.local/share/containers/storage
  graphRootAllocated: 1081101176832
  graphRootUsed: 942125056
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 1
  runRoot: /run/user/1000/containers
  transientStore: false
  volumePath: /home/user/.local/share/containers/storage/volumes
version:
  APIVersion: 5.3.1
  Built: 1732147200
  BuiltTime: Thu Nov 21 01:00:00 2024
  GitCommit: ""
  GoVersion: go1.22.7
  Os: linux
  OsArch: linux/amd64
  Version: 5.3.1

Podman in a container

No

Privileged Or Rootless

Rootless

Upstream Latest Release

Yes

Additional environment details

wsl --version
WSL-Version: 2.3.26.0
Kernelversion: 5.15.167.4-1
WSLg-Version: 1.0.65
MSRDC-Version: 1.2.5620
Direct3D-Version: 1.611.1-81528511
DXCore-Version: 10.0.26100.1-240331-1435.ge-release
Windows-Version: 10.0.22631.4751

No networkingMode changed

Additional information

No response

@maxirass maxirass added the kind/bug Categorizes issue or PR as related to a bug. label Jan 29, 2025
@github-actions github-actions bot added the remote Problem is in podman-remote label Jan 29, 2025
@sbrivio-rh sbrivio-rh added the network Networking related issue or feature label Jan 29, 2025
@Luap99 Luap99 added machine windows issue/bug on Windows labels Jan 29, 2025