Submission type

• Bug report

systemd version the issue has been seen with

232

NOTE: Do not submit bug reports about anything but the two most recently released systemd versions upstream!

Used distribution

Debian

In case of bug report: Expected behaviour you didn't see

Starting a nspawn container with the -p$port option allows one to connect to localhost:$port

In case of bug report: Unexpected behaviour you saw

Connecting to $public_ip:$port works, but connecting to localhost:$port doesn't. This is the iptables nat config nspawn generated for my container:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere             tcp dpt:7689 ADDRTYPE match dst-type LOCAL to:10.0.0.7:7689
<snip>
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere            !loopback/8           tcp dpt:7689 ADDRTYPE match dst-type LOCAL to:10.0.0.7:7689

In case of bug report: Steps to reproduce the problem

Create a container with a network-listening service, and add a nspawn file exposing that port. Connections will be possible to the public ip address, but not to localhost.