Podman internal network and name resolution

Using podman, I try to host multiple containers that are gapped from the internet, but can find each other based on their container names. Using a separate network with internal: true I am able to separate them from the host system, and running podman as non-root the name resolution works as well.

However, I am forced to host the containers via sudo, which somehow breaks the name resolution on my Fedora Server system. Investigating further, I noticed that if I disable the firewall everything works as intended. Does someone have more insight on why this is happening and how I could work around that?

More details in my Stack Overflow question: "Internal network container name resolution" (networking).

Make all the containers part of the same pod, so they share the pod’s network. So you create a pod using podman that has your network setup for use and any shared storage, etc… then you add each of your containers to the pod, and when you want to use them together you start your pod with podman. Here are Podman’s docs on networking: https://github.com/containers/podman/blob/main/docs/tutorials/basic_networking.md

Hi @jakfrost , thx for the answer.
However, isn’t that what the following compose file will do? (taken from my original overflow question)

version: '3'

networks:
  no-internet:
    driver: bridge
    internal: true
  internet:
    driver: bridge

services:
  A:
    container_name: A
    networks:
      - no-internet
    depends_on:
      - B
    # Stuff related to A
  B:
    container_name: B
    networks:
      - no-internet
    # Stuff related to B
  proxy:
    networks:
      - no-internet
      - internet
    ports:
      - "80:80"
    depends_on:
      - A
    # Stuff related to proxy

I don’t know, is it for a pod? If you type podman pod --help and podman pod create --help at the command line you can see the options with pods. The idea is that things like shared networking and shared storage across multiple containers can be managed by making a pod with those shared resources first, then adding your containers to the pod. The document link I provided for Podman does contain examples of using pods for this very thing, and the networking link provides alternative methods I think.

To clarify, using the podman-compose method leads to a non-pod setup. Since I already wrote a bunch of scripts for my homelab I would like to stay on that route. I now “resolved” the situation by creating a custom firewall rule for DNS. That way the containers can discover each other on the same network, but can’t go outside (why this is needed is still an open topic).
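As an added example (not from anyone in this thread), here is the shape such a "custom firewall rule for DNS" can take while keeping the internal network isolated. With rootful Podman on netavark, container name resolution is served by aardvark-dns, which listens on the network's gateway address on port 53 (the port can be changed with dns_bind_port in containers.conf), so the host firewall must accept DNS from the container subnet to that one address and nothing more. The script reads `podman network inspect` output (the JSON below is a constructed sample with made-up subnet, gateway and interface name), derives the subnet and gateway, and renders firewalld rich rules that accept only UDP/TCP port 53 from that subnet to the gateway. The zone name is an assumption: pass the zone the bridge interface actually landed in (`firewall-cmd --get-zone-of-interface podman1` shows it). It prints the firewall-cmd invocations rather than running them.

```python
import ipaddress
import json
import shlex

# Constructed sample of `podman network inspect no-internet` output in the
# netavark (Podman 4+) format; subnet, gateway and interface are made up.
SAMPLE_INSPECT = json.dumps([{
    "name": "no-internet",
    "driver": "bridge",
    "network_interface": "podman1",
    "subnets": [{"subnet": "10.89.0.0/24", "gateway": "10.89.0.1"}],
    "internal": True,
    "dns_enabled": True,
}])

# aardvark-dns listens on the network gateway address on this port by default.
DEFAULT_DNS_PORT = 53


def parse_network(inspect_json):
    """Extract what the firewall rule needs from `podman network inspect` JSON."""
    networks = json.loads(inspect_json)
    if len(networks) != 1:
        raise ValueError("expected inspect output for exactly one network")
    net = networks[0]
    subnets = []
    for entry in net.get("subnets", []):
        subnet = ipaddress.ip_network(entry["subnet"], strict=True)
        gateway = ipaddress.ip_address(entry["gateway"])
        if gateway not in subnet:
            raise ValueError(f"gateway {gateway} is not inside {subnet}")
        subnets.append((subnet, gateway))
    return {
        "name": net["name"],
        "interface": net["network_interface"],
        "internal": bool(net.get("internal", False)),
        "dns_enabled": bool(net.get("dns_enabled", False)),
        "subnets": subnets,
    }


def dns_rich_rules(info, port=DEFAULT_DNS_PORT):
    """firewalld rich rules accepting only DNS from the container subnet to its gateway.

    Nothing else is opened (no other port, no other destination), so the
    internal network still cannot reach other host services or the internet.
    """
    rules = []
    for subnet, gateway in info["subnets"]:
        family = "ipv4" if subnet.version == 4 else "ipv6"
        # /32 (or /128) so the rule matches the gateway address only.
        dest = f"{gateway}/{subnet.max_prefixlen}"
        for proto in ("udp", "tcp"):  # DNS uses both; TCP for truncated answers
            rules.append(
                f'rule family="{family}" source address="{subnet}" '
                f'destination address="{dest}" port port="{port}" protocol="{proto}" accept'
            )
    return rules


def firewall_cmds(info, zone, port=DEFAULT_DNS_PORT):
    """Render firewall-cmd invocations for the zone the bridge interface belongs to."""
    if not info["dns_enabled"]:
        return []  # no aardvark-dns listener on this network, nothing to allow
    cmds = [
        f"firewall-cmd --permanent --zone={shlex.quote(zone)} --add-rich-rule={shlex.quote(rule)}"
        for rule in dns_rich_rules(info, port)
    ]
    cmds.append("firewall-cmd --reload")
    return cmds


if __name__ == "__main__":
    info = parse_network(SAMPLE_INSPECT)
    if not info["internal"]:
        print(f"# warning: network {info['name']} is not internal; containers on it can reach outside")
    print(f"# DNS-only rules for network {info['name']} on interface {info['interface']}")
    for cmd in firewall_cmds(info, zone="FedoraServer"):  # zone name is an assumption
        print(cmd)
```

To use it on a real host, replace SAMPLE_INSPECT with the output of `podman network inspect <name>` and review the printed commands before running them as root. Because the rules match only the container subnet as source and the gateway /32 as destination on port 53, they restore name resolution without reopening the egress path that internal: true is meant to close.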