Comment # 16 on bug 1214160 from Roy Bellingan
I am using Tumbleweed (last version as of 2024-0-04), also tried on a 15.5 on
my live server, and same behaviour.

In short, libvirt: redid the config several times, reset the system, whatever;
it never works.

LXD forwarding works on the first try.


****

I retried the network setup, and if I want to forward into a libvirtd-managed
instance it keeps failing (currently bypassing the problem using socat, but it
does not perform IP rewrite, so it is a problem).

I also tried to NAT into an LXD container and it is working fine for this one...

The command I use to create the NAT rule is the classic one (the one below is for
the LXD container; for the other I just change the IP):

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" destination
address="192.168.178.2" forward-port port="1201" protocol="tcp" to-port="1201"
to-addr="10.29.49.148"' --permanent

When I try to access the libvirt one, Wireshark reports an ICMP response:
Destination unreachable (Port unreachable)

The response looks like it is generated NOT on the libvirt interface (if I put
Wireshark listening there I get nothing) but on the eth0 one.

If I remove the NAT rule (and start nc) it will work fine. So it is the firewall
that goes crazy when the rule is present... ?

