From f861ead8c2aa5eb172438637a0cc80a49346c61f Mon Sep 17 00:00:00 2001 From: "claude[bot]" Date: Tue, 3 Feb 2026 15:57:32 +0000 Subject: [PATCH] fix: use correct guest IP (10.0.2.15) for slirp4netns port forwarding MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change slirp4netns port forwarding from 10.0.2.100 to 10.0.2.15, which is the standard guest IP in slirp4netns's internal network (10.0.2.0/24). The previous configuration caused slirp_add_hostfwd to fail with: "bad request: add_hostfwd: slirp_add_hostfwd failed" This was because 10.0.2.100 is not a valid guest address in slirp4netns's view. The standard guest IP is 10.0.2.15 (with gateway at 10.0.2.2). Changes: - Update slirp0 TAP device IP from 10.0.2.100 to 10.0.2.15 - Update add_hostfwd guest_addr to use 10.0.2.15 - Update DNAT rule to redirect from 10.0.2.15 to actual guest IP The port forwarding flow remains: host -> slirp4netns -> 10.0.2.15 -> DNAT -> guest Fixes test_port_forward_rootless test failure. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 --- src/network/slirp.rs | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/network/slirp.rs b/src/network/slirp.rs index 48fc6044..473215c2 100644 --- a/src/network/slirp.rs +++ b/src/network/slirp.rs @@ -175,10 +175,10 @@ impl SlirpNetwork { set -e # Create slirp0 TAP for slirp4netns connectivity -# Use 10.0.2.100 as the address for DNAT to work with port forwarding +# Use 10.0.2.15 as the guest address (standard slirp4netns guest IP) # fd00::100 for IPv6 (slirp4netns uses fd00::/64 subnet with gateway fd00::2) ip tuntap add {slirp_dev} mode tap -ip addr add 10.0.2.100/24 dev {slirp_dev} +ip addr add 10.0.2.15/24 dev {slirp_dev} ip -6 addr add fd00::100/64 dev {slirp_dev} ip link set {slirp_dev} up @@ -227,9 +227,9 @@ iptables -t nat -A POSTROUTING -s {guest_subnet} -o {slirp_dev} -j MASQUERADE 2> ip6tables -t nat -A POSTROUTING -s {guest_ipv6_subnet} -o {slirp_dev} -j MASQUERADE 2>/dev/null || true # Set up DNAT for inbound connections from slirp4netns -# When slirp4netns forwards traffic to 10.0.2.100, redirect it to the actual guest IP -# This enables port forwarding: host -> slirp4netns -> 10.0.2.100 -> DNAT -> guest (192.168.x.2) -iptables -t nat -A PREROUTING -d 10.0.2.100 -j DNAT --to-destination {guest_ip} 2>/dev/null || true +# When slirp4netns forwards traffic to 10.0.2.15, redirect it to the actual guest IP +# This enables port forwarding: host -> slirp4netns -> 10.0.2.15 -> DNAT -> guest (192.168.x.2) +iptables -t nat -A PREROUTING -d 10.0.2.15 -j DNAT --to-destination {guest_ip} 2>/dev/null || true "#, slirp_dev = self.slirp_device, fc_tap = self.tap_device, @@ -388,7 +388,7 @@ iptables -t nat -A PREROUTING -d 10.0.2.100 -j DNAT --to-destination {guest_ip} super::Protocol::Udp => "udp", }; - // Port forward to slirp's internal guest IP (10.0.2.100) + // Port forward to slirp's internal guest IP (10.0.2.15) // which then gets routed to the actual guest via IP forwarding let request = serde_json::json!({ "execute": "add_hostfwd", @@ -396,7 +396,7 @@ iptables -t nat -A PREROUTING -d 10.0.2.100 -j DNAT --to-destination {guest_ip} "proto": proto, "host_addr": bind_addr, "host_port": mapping.host_port, - "guest_addr": "10.0.2.100", + "guest_addr": "10.0.2.15", "guest_port": mapping.guest_port } });