So I was setting up a Minecraft server today. I thought it would be an easy job: write an Ansible role, set some options for the server, and done. With containers this shouldn't be a problem.

Turns out that there was a problem: connecting to the server.

Now I already knew that I had ufw running and network access would be solved with a simple ufw allow. So I tried ufw allow 25565 aaaaaand... nothing.

Logs looked fine, the port was open, but I couldn't connect. A little searching later, I found the issue: it was podman, or rather the network stuff that podman (and docker for that matter) does.

Even if you forwarded the port with podman run -p <port>:<port> ... you couldn't connect to it. The solution was to add a ufw route like this:

ufw route allow in on eth0 out on podman0 to any port 25565

This lets connections to port 25565 be forwarded on to the container, and it works like a charm.
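
As an added example (not part of the original post), here is a small helper that turns the output of podman port into one narrow ufw route rule per published port, using the interface names from above. It assumes the usual "<container-port>/<proto> -> <host-ip>:<host-port>" output format and only prints the commands. It also covers the case the post does not hit: when host and container ports differ, the rule has to name the container port, because forwarded packets are filtered after the port translation.

```shell
#!/bin/sh
# Added example: derive ufw route rules from `podman port <container>` output.
# Interface names default to the ones used in the post (eth0, podman0).

# ufw_route_rules [IN_IF] [OUT_IF]
# Reads lines like "25565/tcp -> 0.0.0.0:25565" on stdin and prints one
# `ufw route allow` command per published port. Nothing is executed.
ufw_route_rules() {
    in_if=${1:-eth0}
    out_if=${2:-podman0}
    while IFS= read -r line; do
        # Left of "->" is the container side: <port>/<proto>
        left=${line%% ->*}
        cport=${left%%/*}
        proto=${left##*/}
        # Skip anything that is not a plain port/proto mapping
        case $cport in ''|*[!0-9]*) continue ;; esac
        case $proto in tcp|udp) ;; *) continue ;; esac
        # Forwarded packets are filtered after DNAT, so the rule must
        # match the container port, not the host port on the right.
        printf 'ufw route allow in on %s out on %s to any port %s proto %s\n' \
            "$in_if" "$out_if" "$cport" "$proto"
    done | sort -u   # IPv4 and IPv6 bindings collapse into one rule
}

# Constructed sample input in the format `podman port` prints.
sample_ports() {
    cat <<'EOF'
25565/tcp -> 0.0.0.0:25565
25565/tcp -> [::]:25565
19132/udp -> 0.0.0.0:19133
EOF
}

# Print the rules for the sample; review them before running any as root.
sample_ports | ufw_route_rules eth0 podman0
```

On a real host, pipe podman port <container> into ufw_route_rules instead of the sample.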