How to setup a port forwarding DNAT for a VM in RHEL8/9

Solution In Progress - Updated -

Issue

  • DNAT rules for VM destinations in firewall(iptables/nftable) are preempted by LIBVIRT* rules
  • virtnetworkd builds LIBVIRT* rules that break firewalld DNAT rules for VM traffic
  • LIBVIRT_* iptables/nftable rules block traffic explicitly allowed by firewalld rules.

Environment

Red Hat Enterprise Linux 8 (RHEL8)
Red Hat Enterprise Linux 9 (RHEL9)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content