podman: No connection could be made because the target machine actively refused it

Bug description

Note: I realize this could be the same issue as https://github.com/containers/podman-desktop/issues/1173, but I have tried to provide more information and am not sure if it’s really the same. OK to close as a duplicate if deemed so.


I have saved an image from the internet machine and brought it into an air-gapped machine to load it in.

I encountered the following error:

Error: failed to connect: dial tcp [::1]:49675: connectex: No connection could be made because the target machine actively refused it.

Operating system

Windows 10

Version

0.12.0

Steps to reproduce

// save image on internet machine
docker save busybox:latest > busybox.tar
// load image on air-gapped machine
podman load < busybox.tar

Docker was installed but not running. I did start Docker afterwards, but the same error occurred.

Initially, I was thinking if this has something to do with DOCKER_HOST, so I followed the guide but when I ran the command

podman machine inspect

The output

[
     {
          "ConfigPath": {
               "Path": "C:\\Users\\bwgjoseph\\.config\\containers\\podman\\machine\\wsl\\podman-machine-default.json"
          },
          "ConnectionInfo": {
               "PodmanSocket": null
          },
          "Created": "2023-02-18T11:25:40.0285425-08:00",
          "Image": {
               "IgnitionFilePath": {
                    "Path": ""
               },
               "ImageStream": "custom",
               "ImagePath": {
                    "Path": "C:\\Users\\bwgjoseph\\.local\\share\\containers\\podman\\machine\\wsl\\podman-image-x64.tar.xz"
               }
          },
          "LastUp": "2023-02-18T13:43:18.4028289-08:00",
          "Name": "podman-machine-default",
          "Resources": {
               "CPUs": 2,
               "DiskSize": 550502400,
               "Memory": 325951488
          },
          "SSHConfig": {
               "IdentityPath": "C:\\Users\\bwgjoseph\\.ssh\\podman-machine-default",
               "Port": 49675,
               "RemoteUsername": "user"
          },
          "State": "running"
     }
]

Relevant log output

> podman system connection list


Name                         URI                                                          Identity                                        Default
podman-machine-default       ssh://user@localhost:49675/run/user/1000/podman/podman.sock  C:\Users\bwgjoseph\.ssh\podman-machine-default  true
podman-machine-default-root  ssh://root@localhost:49675/run/podman/podman.sock            C:\Users\bwgjoseph\.ssh\podman-machine-default  false

podman machine info

Host:
  Arch: amd64
  CurrentMachine: podman-machine-default
  DefaultMachine: podman-machine-default
  EventsDir: C:\Users\bwgjoseph\.local\share\containers\podman\podman
  MachineConfigDir: C:\Users\bwgjoseph\.config\containers\podman\machine\wsl
  MachineImageDir: C:\Users\bwgjoseph\.local\share\containers\podman\machine\wsl
  MachineState: Running
  NumberOfMachines: 1
  OS: windows
  VMType: wsl
Version:
  APIVersion: 4.4.1
  Built: 1675890486
  BuiltTime: Wed Feb  8 13:08:06 2023
  GitCommit: 34e8f3933242f2e566bbbbf343cf69b7d506c1cf
  GoVersion: go1.19.5
  Os: windows
  OsArch: windows/amd64
  Version: 4.4.1


About this issue

  • State: closed
  • Created a year ago
  • Reactions: 3
  • Comments: 79 (17 by maintainers)

Most upvoted comments

I encountered the same problem, and I think I found a solution, at least for my case. tl;dr: running the following commands in PowerShell with admin privileges fixed the problem for me:

net stop winnat
net start winnat

And here’s what I have tried.

  • I tried to run SSH to localhost in podman-machine-default, and it worked, so it seems like the sshd is working correctly
  • I also checked the sshd service and log, and didn’t see anything that looks like it’s not working
  • I checked my wslconfig, and it seems like localhostForwarding should be enabled by default
  • I ran a simple HTTP server in a WSL instance on a port like 8080, and localhostForwarding is working correctly by running a wslrelay.exe for that port
  • Then I wondered, what about the port 60516 assigned by podman for the SSH connection? So I tried to shut down sshd and run a simple HTTP server instead; somehow the localhostForwarding feature of WSL is not working for that port (no wslrelay.exe started)

After some research, I finally found this WSL issue:

https://github.com/microsoft/WSL/issues/5306

Not sure how WSL works for making the reserved ports, but somehow the port assigned by podman got reserved by WSL. I ran

netsh int ipv4 show excludedportrange protocol=tcp

and the result:

Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
      5357        5357
     50000       50059     *
     56547       56646
     56647       56746
     59963       60062
     60063       60162
     60263       60362
     60363       60462
     60463       60562
     60563       60662
     60663       60762
     60763       60862
     60866       60965
     61283       61382
     61514       61613
     61614       61713
     61714       61813
     61814       61913
     61914       62013
     62014       62113
     62114       62213
     62214       62313
     62314       62413
     62414       62513
     62514       62613

* - Administered port exclusions.

As you can see, my assigned port 60516 is covered by the excluded range 60463 to 60562, and probably that’s why wslrelay.exe is not started for the port.

After restarting the service:

net stop winnat
net start winnat

And see the excluded port ranges again:

netsh int ipv4 show excludedportrange protocol=tcp

Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
      5357        5357
     50000       50059     *

* - Administered port exclusions.

The podman port is not in the excluded list and is thus working as expected now. I didn’t dig too deep into why WSL is excluding tons of ports like that and somehow those ports covered podman’s SSH port; it could be a bug. People who are interested can dig deeper into the issue I found. But I guess podman desktop might need to find a way to work around that issue by selecting a port less likely to be excluded by WSL, or maybe come up with a way to dynamically select one not from the excluded range.
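
The comparison made by eye in the comment above (machine SSH port against the netsh excluded ranges), written out as an added PowerShell example; it is not part of the original comment or of podman. The function names Get-ExcludedTcpRange and Find-ExclusionForPort are hypothetical, the sample output is abridged from the listing quoted above, and the live commands appear only in comments.

```powershell
# Added example; function names are hypothetical, not part of podman or Windows.
function Get-ExcludedTcpRange {
    # Parse the text of: netsh int ipv4 show excludedportrange protocol=tcp
    param([string[]]$NetshOutput)
    foreach ($line in $NetshOutput) {
        # Data rows are two integers, optionally followed by "*" (administered).
        if ($line -match '^\s*(\d+)\s+(\d+)\s*(\*)?\s*$') {
            [pscustomobject]@{
                Start        = [int]$Matches[1]
                End          = [int]$Matches[2]
                Administered = $Matches.ContainsKey(3)
            }
        }
    }
}

function Find-ExclusionForPort {
    # Return every excluded range that covers $Port (nothing if none does).
    param([int]$Port, [object[]]$Ranges)
    foreach ($r in $Ranges) {
        if ($Port -ge $r.Start -and $Port -le $r.End) { $r }
    }
}

# Sample abridged from the netsh listing quoted above. On a live host use:
#   $netsh = netsh int ipv4 show excludedportrange protocol=tcp
$netsh = @'
Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
      5357        5357
     50000       50059     *
     60463       60562
     60563       60662

* - Administered port exclusions.
'@ -split '\r?\n'

# Port from the comment above. On a live host use:
#   $port = (podman machine inspect | Out-String | ConvertFrom-Json)[0].SSHConfig.Port
$port = 60516

$hits = @(Find-ExclusionForPort -Port $port -Ranges (Get-ExcludedTcpRange $netsh))
if ($hits.Count -eq 0) { "Port $port is not in any excluded TCP range." }
foreach ($h in $hits) {
    $kind = if ($h.Administered) { 'administered' } else { 'non-administered' }
    "Port $port is inside $kind excluded range $($h.Start)-$($h.End)."
}
```

A hit on a non-administered range is the condition the comment cleared with net stop winnat followed by net start winnat.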

After numerous different attempts at fixing this issue, including reinstalling a fresh podman, I finally was able to make it work. Windows 10, Podman: v4.4.4, Podman-desktop: v0.13.0

Not sure which exact step fixed the issue, or if the order made any difference, but these are the steps:

  1. podman machine stop
  2. wsl --unregister podman-machine-default
  3. podman system connection remove --all
  4. Uninstalled Podman 4.4.4
  5. Uninstalled Podman Desktop
  6. Manually removed folder C:\Users\user\.config\containers
  7. Manually removed folder C:\Users\user\.local\share\containers
  8. Manually removed both podman-machine-default files from C:\Users\user\.ssh
  9. Installed Podman 4.4.4
  10. Installed Podman Desktop

The paths for steps 6-8 I took from the earlier podman machine inspect command run.

Hope someone finds this helpful

I ran into this same issue after a Windows 10 update this week. Moving from 4.5.0 to 4.5.1 then running the following fixed it:

podman machine rm
podman machine init
podman machine start

I ran into this same issue after a Windows 10 update this week. Moving from 4.5.0 to 4.5.1 then running the following fixed it:

podman machine rm
podman machine init
podman machine start

This solved the issue for me. Podman v4.5.1 in W10

Hi @n1hility, this is a serious ongoing issue. We already communicated to the application team to use podman, but folks are facing a lot of issues podman-pull