Debian 11 and Podman: fixing ping inside the containers

After updating one of my servers from Debian 10 to Debian 11, I decided to start getting rid of Docker and use Podman instead.

One of the containers is running checkmk, and after switching to Podman, everything was working except that the ping command failed to ping any IP or hostname at all. The same went for the check_icmp and check_ping commands, which were working just fine with Docker.

First stop: containers do not have the NET_RAW capability by default. But even when specifying it, or even using --cap-add=ALL, the container still could not ping anything.

It seems that enabling net.ipv4.ping_group_range is required, and although systemd 243 should set it according to the link, systemd 247 on Debian 11 does not configure it.

So while that is sorted out, I ran:

sysctl net.ipv4.ping_group_range="0 2147483647" 

And then created a file /etc/sysctl.d/ping_group_range.conf with the following content (for persistence):

net.ipv4.ping_group_range = 0 2147483647

And ping, as well as check_icmp and check_ping, started to work again.
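
To confirm that the setting in effect covers the account in question, the following added example (not part of the original post) parses the range and tests the caller's group IDs against it. The function names are hypothetical; it relies on the kernel's documented semantics, where the default "1 0" is an empty range that lets no group open unprivileged ICMP echo sockets.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Kernel semantics: net.ipv4.ping_group_range holds "<low> <high>"; a process
# may open an unprivileged ICMP echo socket if one of its GIDs lies in that
# range. The default "1 0" is an empty range, so nobody qualifies.

# gid_in_ping_range "<low> <high>" <gid>
# Returns 0 if allowed, 1 if not, 2 if the input is malformed.
gid_in_ping_range() {
    gid=$2
    set -- $1                      # split the range on spaces or tabs
    [ "$#" -eq 2 ] && [ -n "$gid" ] || return 2
    case "$1$2$gid" in *[!0-9]*) return 2 ;; esac
    [ "$gid" -ge "$1" ] && [ "$gid" -le "$2" ]
}

# ping_range_report [file]
# Tests every group of the calling user against the range stored in file
# (default: the live /proc entry behind the sysctl).
ping_range_report() {
    file=${1:-/proc/sys/net/ipv4/ping_group_range}
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    current=$(cat "$file")
    for g in $(id -G); do
        if gid_in_ping_range "$current" "$g"; then
            echo "allowed: gid $g is inside ping_group_range ($current)"
            return 0
        fi
    done
    echo "blocked: no group of uid $(id -u) is inside ping_group_range ($current)"
    return 1
}

# Report on the live setting; never abort the caller's shell on "blocked".
ping_range_report || :
```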
