port-forwarded service always appears to originate from 127.0.0.1 #155

Closed
andrewgdunn opened this issue Jul 25, 2020 · 2 comments
Labels
wontfix This will not be worked on

andrewgdunn commented Jul 25, 2020

Reference: containers/podman#6965

The default approach of providing port-forwarding in rootless mode has switched (and been hard-coded) to rootlessport,
for the purpose of providing super performance. The side effect of this switch is that the source, as seen within the container, of traffic to the port-forwarded service always appears to be 127.0.0.1 (see this issue).

This commit allows a user to specify if they want to revert to the previous approach
of leveraging the slirp4netns add_hostfwd() API which, although not as stellar in performance,
restores usefulness of seeing incoming traffic origin IP addresses.

Will rootlesskit add features to be able to resolve the originating address when doing forwarding? Please forgive/close if this is the wrong place to report it, I assumed that the issue would be more pertinent here than in the podman repository.

@AkihiroSuda
Member

This is currently by design. Not sure how we could propagate the original src IP.

@AkihiroSuda AkihiroSuda added the wontfix This will not be worked on label Jul 25, 2020
@andrewgdunn
Author

Excellent, thanks for the clarification. I'm not familiar enough with the project intent/direction to disagree. I'll say from an end user standpoint we're happy to see this get merged so that we can specify slirp4netns. I'm really interested in the performance improvements that rootlesskit offers, but we're needing to see the source address inside the container (for ssh), and #153 bit us pretty hard as well.

Thanks for the quick feedback! I'll close this here. It's a good tombstone for others to find when they're trying to figure out why their source addressing looks like localhost.
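
The behaviour discussed in this thread, as an added example that is not part of the original issue and is not RootlessKit's or Podman's code: a minimal user-space TCP relay, which accepts the client's connection and then opens a second connection to the service, so the service only ever sees the relay's address. It models the forwarder as a plain accept-and-dial relay (an assumption); the function names, the echo payload and the constructed client address 127.0.0.2 (usable on Linux, where all of 127.0.0.0/8 is loopback) are also assumptions for illustration.

```python
import socket
import threading

def listen(ip="127.0.0.1"):
    """Listening TCP socket on an ephemeral port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((ip, 0))
    s.listen(1)
    s.settimeout(5)
    return s

def service_once(listener, seen):
    """Stand-in for the service in the container: record the peer, echo once."""
    conn, peer = listener.accept()
    with conn:
        seen["service_sees"] = peer
        conn.sendall(conn.recv(1024))

def relay_once(listener, upstream, seen):
    """Stand-in for a user-space forwarder: accept, then dial a NEW connection."""
    conn, peer = listener.accept()
    with conn:
        seen["relay_sees"] = peer            # the real client address stops here
        with socket.create_connection(upstream, timeout=5) as up:
            up.sendall(conn.recv(1024))      # payload is copied, the source is not
            conn.sendall(up.recv(1024))

def demo(client_ip="127.0.0.2"):  # constructed client address (Linux loopback)
    seen = {}
    service, relay = listen(), listen()
    workers = [
        threading.Thread(target=service_once, args=(service, seen), daemon=True),
        threading.Thread(target=relay_once,
                         args=(relay, service.getsockname(), seen), daemon=True),
    ]
    for w in workers:
        w.start()
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as client:
        client.settimeout(5)
        client.bind((client_ip, 0))
        client.connect(relay.getsockname())
        client.sendall(b"ping")
        seen["reply"] = client.recv(1024)
    for w in workers:
        w.join(5)
    service.close()
    relay.close()
    return seen

if __name__ == "__main__":
    print(demo())
```

Anything behind such a relay that keys on the peer address (sshd logs, IP allowlists, rate limiters) sees only the relay's address, which is why the thread's workaround is a forwarder that preserves the source.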
