Bug#934676: Please clarify that systemd-nspawn(1) --port= is IPv4-only (no IPv6)
Trent W. Buck
trentbuck at gmail.com
Tue Aug 13 10:12:14 BST 2019
Package: systemd-container
Version: 241-5
Severity: wishlist
systemd-nspawn --port=tcp:2022:22 redirects port 2022/tcp (on the host) to port 22/tcp (on the guest).
(This is equivalent to "-net user,hostfwd=::2022-:22" in qemu VMs.)
AFAICT systemd-nspawn only does this for IPv4 (not IPv6).
This was not obvious to me from the manpage.
Please either fix --port to support IPv6, or
clearly document that --port is IPv4-only.
I suggest something like the below.
PS: I also fixed the confusing phrase "IP port".
Per the nft(8) manpage,
IPv4 and IPv6 do not have ports.
TCP, UDP, UDP-Lite, and SCTP have ports.
PPS: Based on "iptables -m sctp --help", it should be trivial to add SCTP support to --port=.
(I don't personally care about that.)
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index 8c1a1e6871..1a5ec798ed 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -916,8 +916,8 @@
<term><option>-p</option></term>
<term><option>--port=</option></term>
- <listitem><para>If private networking is enabled, maps an IP
- port on the host onto an IP port on the container. Takes a
+ <listitem><para>If private networking is enabled, maps a TCP (or UDP)
+ port on the host onto a TCP (or UDP) port on the container. Takes a
protocol specifier (either <literal>tcp</literal> or
<literal>udp</literal>), separated by a colon from a host port
number in the range 1 to 65535, separated by a colon from a
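Review bot: The reworded opening sentence, "maps a TCP (or UDP) port on the host onto a TCP (or UDP) port on the container", can be read as allowing a TCP host port to be mapped onto a UDP container port, while the unchanged context that follows says a single protocol specifier (tcp or udp) is taken. Suggest "maps a TCP or UDP port on the host onto a port of the same protocol on the container". This terminology fix is independent of the IPv4-only caveat requested in the report, so it could go in as its own commit and be merged regardless of how the IPv6 question is settled.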
@@ -928,7 +928,9 @@
same port as the host port is implied. This option is only
supported if private networking is used, such as with
<option>--network-veth</option>, <option>--network-zone=</option>
- <option>--network-bridge=</option>.</para></listitem>
+ <option>--network-bridge=</option>.</para>
+
+ <para>As at systemd v242, this option always affects IPv4, and never affects IPv6.</para></listitem>
</varlistentry>
</variablelist>
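Review bot: The added paragraph pins the limitation to "systemd v242", but the report is filed against 241-5, and a version baked into the manpage goes stale as soon as the behaviour changes; either drop the version or name the one the behaviour was actually verified on. The wording "always affects IPv4, and never affects IPv6" also leaves the practical consequence implicit. Something like "Only IPv4 traffic is redirected; connections to the host port over IPv6 are not forwarded to the container" tells an administrator what to expect when the host is dual-stack. Minor: "As at" should read "As of".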