Bug 193449 - DomU and iptables nat issue
Summary: DomU and iptables nat issue
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel-xen
Version: 5
Hardware: i686
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Xen Maintainance List
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2006-05-28 22:40 UTC by Steve Schwartz
Modified: 2009-12-14 20:39 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-02-26 23:08:40 UTC
Type: ---
Embargoed:



Description Steve Schwartz 2006-05-28 22:40:27 UTC
Description of problem:
DomU cannot be reached from wkstn on a NAT IP from eth1, which is not bridged.
DomU can be pinged from Dom0 or wkstn.
System setup is simple:
dom0: eth0 has real IP address to internet
dom0: eth1 has NAT IP address to internal network
dom0: *nat rule for postrouting
domU: eth0 has real IP address to internet
DomU can be pinged from wkstn and dom0; DomU can ping Dom0 and wkstn.
ssh and httpd (the only major services set up on domU) see a connection on DomU, but
data does not reach the NAT IP address the request came from.
Running iptables -t nat -L -nv on domU corrects this.
Once the list command above is run, everything works properly.
If the iptables service is restarted, it stops working again.

Version-Release number of selected component (if applicable):
kernels:
Dom0: 2.6.16-1.2122_FC5xen0
DomU: 2.6.16-1.2122_FC5xenU
iptables: iptables-1.3.5-1.2

How reproducible:
100%

Steps to Reproduce:
1. Set up server and workstation as listed above.
2. Run: service iptables restart
3. Try to browse or ssh from wkstn to domU; it doesn't fail to connect, it just
sits waiting for a response.
4. On domU run: iptables -t nat -L -nv
5. Repeat step 3; the response from domU is received properly.

Actual results:
When iptables is restarted on domU, services cannot be connected to from a wkstn
with a NAT IP address on a non-bridged eth1.
Once iptables -t nat -L -nv is run on domU, all services can be connected to
properly.

Expected results:
No communication restricted except by firewall rules and available services.

Additional info:

Comment 1 Red Hat Bugzilla 2007-07-25 01:31:35 UTC
change QA contact

Comment 2 Chris Lalancette 2008-02-26 23:08:40 UTC
This report targets FC5, which is now end-of-life.

Please re-test against Fedora 7 or later, and if the issue persists, open a new bug.

Thanks


