https://bugzilla.suse.com/show_bug.cgi?id=1214160 https://bugzilla.suse.com/show_bug.cgi?id=1214160#c16 --- Comment #16 from Roy Bellingan <admin@seisho.us> --- I am using tumbleweed (last version as of 2024-0-04), also tried on a 15.5 on my live server and same behaviour. In short libvirt redid several time the config reset the system whatever, never works. LXD forwarding works on the first try. **** I retried the network setup and if I want to forward into a libvirtd managed instance if keeps failing (currently bypassing the problem using socat, but it does not perform ip rewrite so is a problem) I also tried to nat into a LXD container and is working fine for this one... The command I use to create the nat rule is the classic (this one below if for the lxd container, the other I just change the ip) firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" destination address="192.168.178.2" forward-port port="1201" protocol="tcp" to-port="1201" to-addr="10.29.49.148"' --permanent When I try to access the libvirt one wireshark report a ICMP response Destination unreachable (Port unreachable) The response looks like is generated NOT on the libvirt interface (if I put wireshark listening here I have nothing) but on the eth0 one If I remove the NAT rule (and start nc) it will work fine. So is the firewall that goes crazy when the rule is present... ? -- You are receiving this mail because: You are on the CC list for the bug.