author | Stefano Brivio <sbrivio@redhat.com> | 2022-10-07 04:53:40 +0200 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2022-10-15 02:10:36 +0200 |
commit | c1eff9a3c622516c7bb9194a1df50dfe01281c56 (patch) | |
tree | 01dc155f0b38022a511f37e3760b0844ffa195e2 /passt.1 | |
parent | a62ed181db9ba7d85d057365d5331dd35026247f (diff) | |
conf, tcp, udp: Allow specification of interface to bind to
Since kernel version 5.7, commit c427bfec18f2 ("net: core: enable
SO_BINDTODEVICE for non-root users"), we can bind sockets to
interfaces, if they haven't been bound yet (as in bind()).
Introduce an optional interface specification for forwarded ports,
prefixed by %, that can be passed together with an address.
Reported use case: running local services that use ports we want
to have externally forwarded:
https://github.com/containers/podman/issues/14425
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Diffstat (limited to 'passt.1')
-rw-r--r-- | passt.1 | 12 |
1 files changed, 10 insertions, 2 deletions
@@ -325,7 +325,8 @@ For low (< 1024) ports, see \fBNOTES\fR. .BR ports A comma-separated list of ports, optionally ranged with \fI-\fR, and, optionally, with target ports after \fI:\fR, if they differ. Specific addresses -can be bound as well, separated by \fI/\fR. Within given ranges, selected ports +can be bound as well, separated by \fI/\fR, and also, since Linux 5.7, limited +to specific interfaces, prefixed by \fI%\fR. Within given ranges, selected ports and ranges can be excluded by an additional specification prefixed by \fI~\fR. Specifying excluded ranges only implies that all other ports are forwarded. Examples: @@ -349,6 +350,9 @@ Forward local ports 22 to 80 to corresponding ports on the guest plus 10 -t 192.0.2.1/22 Forward local port 22, bound to 192.0.2.1, to port 22 on the guest .TP +-t 192.0.2.1%eth0/22 +Forward local port 22, bound to 192.0.2.1 and interface eth0, to port 22 +.TP -t 2000-5000,~3000-3010 Forward local ports 2000 to 5000, but not 3000 to 3010 .TP @@ -399,7 +403,8 @@ periodically derived (every second) from listening sockets reported by .BR ports A comma-separated list of ports, optionally ranged with \fI-\fR, and, optionally, with target ports after \fI:\fR, if they differ. Specific addresses -can be bound as well, separated by \fI/\fR. Within given ranges, selected ports +can be bound as well, separated by \fI/\fR, and also, since Linux 5.7, limited +to specific interfaces, prefixed by \fI%\fR. Within given ranges, selected ports and ranges can be excluded by an additional specification prefixed by \fI~\fR. Specifying excluded ranges only implies that all other ports are forwarded. Examples: @@ -424,6 +429,9 @@ namespace -t 192.0.2.1/22 Forward local port 22, bound to 192.0.2.1, to port 22 in the target namespace .TP +-t 192.0.2.1%eth0/22 +Forward local port 22, bound to 192.0.2.1 and interface eth0, to port 22 +.TP -t 2000-5000,~3000-3010 Forward local ports 2000 to 5000, but not 3000 to 3010 .TP |
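Review bot: In the first hunk (passt.1, the \fBports\fR description around line 325), "since Linux 5.7, limited to specific interfaces" reads as if interface binding itself were introduced in that kernel, whereas the commit message says 5.7 is when SO_BINDTODEVICE became usable by non-root users. Say that explicitly, for example "limited to specific interfaces, prefixed by \fI%\fR (unprivileged use requires Linux 5.7 or later)", and document what happens when the option is given on an older kernel: a user adding \fI%eth0\fR to keep a forwarded port off another interface needs to know whether the port specification is rejected or silently bound without the restriction.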
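Review bot: The new example in the second hunk, "Forward local port 22, bound to 192.0.2.1 and interface eth0, to port 22", is the only entry in this list that does not say where the target port is; the neighbouring entries end with "to port 22 on the guest". Complete it the same way for consistency.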
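Review bot: The third hunk repeats the same wording in the pasta \fBports\fR description (around line 399), and in both places the text leaves two things undocumented: whether an interface may be given without an address (the only examples combine the two, as in \fI192.0.2.1%eth0/22\fR), and that the interface restriction applies to both the \fB-t\fR and \fB-u\fR forms, which the commit subject (conf, tcp, udp) suggests. One sentence covering these would save readers from experimenting with the syntax.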
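Review bot: The fourth hunk's example ends with "to port 22" while the entry just above it ends with "to port 22 in the target namespace"; complete the new entry with the same target so the pasta examples stay parallel.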