Hi,
Is there a solution to use Foo Over UDP in an unprivileged container?
Using RFC 8086 (http://www.rfc-editor.org/rfc/rfc8086.txt), I would like to use Foo over UDP to create a tunnel between my LXD container and a remote server and to encapsulate GRE, or IPIP, in it. I cannot directly use GRE because of NAT (there is one intermediary router doing NAT on which I can only do TCP or UDP port-forwarding), so Foo Over UDP looks like a nice solution.
Yet my issue is that creating the Foo tunnel is rejected in an unprivileged container (here running Debian 10 or Ubuntu 19.04):
    ip fou add port 9876 ipproto 47
    RTNETLINK answers: Operation not permitted
This works well in a privileged container, but I would like to avoid it being privileged…
Is there any way to do this?
Thank you!
[Edit:] Maybe I should also mention that the container has physical access to the NIC, whereas the host has no IP address on that NIC. It's configured like this:
    config:
      bridge.driver: native
      bridge.external_interfaces: enp5s0
      ipv4.address: none
      ipv4.firewall: "true"
      ipv4.nat: "false"
      ipv6.address: none
      ipv6.nat: "false"
    description: ""
    name: lxdbr0
    type: bridge
    managed: true
    status: Created
    used_by: [...]
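As an added example (not part of the original post, and not LXD's or iproute2's own tooling), the script below does two things a practitioner would want when hitting the "Operation not permitted" above: it tells whether the shell is running inside a user namespace (which is what makes an LXD container "unprivileged": root there does not hold CAP_NET_ADMIN in the initial user namespace, and the fou commands are refused), and it prints the full sequence of iproute2 commands for a GRE-over-FOU tunnel so the setup can be reviewed, or run from the host, before anything is executed. The port 9876 and protocol 47 come from the post; the addresses in the usage call are constructed documentation addresses, the interface name gre1 and the 10.99.0.0/30 tunnel subnet are assumptions, and the uid_map check only assumes the standard /proc/self/uid_map format.

```shell
#!/bin/sh
# Added example: diagnose a refused "ip fou add" and show the GRE-over-FOU
# setup as a dry run. Nothing is executed unless FOU_DIAG_RUN=1 is set.

# in_initial_userns [UID_MAP_FILE]
# Returns 0 if the uid_map describes the initial user namespace (exactly one
# line "0 0 4294967295"), 1 for any other mapping (i.e. a user namespace,
# which is what an unprivileged LXD container runs in).
in_initial_userns() {
    map="${1:-/proc/self/uid_map}"          # assumption: standard procfs layout
    set -- $(cat "$map")                    # split all fields on whitespace
    [ "$#" -eq 3 ] && [ "$1" = "0" ] && [ "$2" = "0" ] && [ "$3" = "4294967295" ]
}

# fou_setup_cmds PORT LOCAL_IP REMOTE_IP TUNNEL_ADDR/PREFIX
# Prints, one per line, the iproute2 commands that register the FOU receive
# port (protocol 47 = GRE, as in the post) and create a GRE interface whose
# packets are encapsulated in UDP to REMOTE_IP:PORT. Interface name gre1 and
# ttl 64 are assumptions.
fou_setup_cmds() {
    port="$1"; local_ip="$2"; remote_ip="$3"; tun_addr="$4"
    printf '%s\n' \
        "ip fou add port $port ipproto 47" \
        "ip link add name gre1 type gre remote $remote_ip local $local_ip ttl 64 encap fou encap-sport auto encap-dport $port" \
        "ip link set gre1 up" \
        "ip addr add $tun_addr dev gre1"
}

# diagnose: try the exact command from the post and explain a refusal.
diagnose() {
    if ip fou add port 9876 ipproto 47 2>/dev/null; then
        echo "FOU port registered: this context can create FOU tunnels"
        ip fou del port 9876
    elif in_initial_userns; then
        echo "refused even in the initial user namespace: check CAP_NET_ADMIN and that the fou module is loaded (modprobe fou)"
    else
        echo "refused inside a user namespace: root here lacks CAP_NET_ADMIN in the initial namespace, so the FOU port has to be registered from the host or a privileged context"
    fi
}

# Usage (constructed addresses): review the commands, then optionally run the check.
fou_setup_cmds 9876 192.0.2.2 198.51.100.1 10.99.0.1/30
if [ "${FOU_DIAG_RUN:-0}" = "1" ]; then
    diagnose
fi
```

Running the script without FOU_DIAG_RUN only prints the four commands; with FOU_DIAG_RUN=1 it attempts the registration and immediately removes the port again on success, so it leaves no state behind. The uid_map test is the cheap, reliable way to tell an unprivileged container from a privileged one from inside, which is the distinction the post's error turns on.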