TL;DR: I want to access port 443 at the host IP address from within a VM on the same host, and have my request forwarded to a different VM on the same host.
I am using Libvirt to manage some VMs running on QEMU/KVM on a Debian 9 host. I have used Libvirt to configure a NAT network (subnet 192.168.122.0/24 with gateway 192.168.122.1) and have a hook script that sets the following iptables rules:
iptables -D FORWARD -m state -d 192.168.122.0/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -D PREROUTING -p tcp -d 192.168.0.2 --dport 443 -j DNAT --to-destination 192.168.122.128:443
They essentially port-forward connections to the host port to the guest. These allow the service running on port 443 of the VM at 192.168.122.128 to be accessible via the external IP of the host (192.168.0.2) on 443.
I want to be able to access the port-forwarded services (either 192.168.0.2:443 or 192.168.122.1:443) from VMs running on the same host. Currently, my requests are not forwarded when I access port 443 on a VM on the same NAT network.
How can I port-forward from host to guest and guest to guest using iptables?
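Added example, not part of the original question or of libvirt's own hook scripts: a POSIX shell script that prints the iptables rules needed so the forward also works from guests on the same NAT network, assuming the libvirt bridge is named virbr0 and the addresses from the question. The piece the question's rules lack is an SNAT in POSTROUTING: a guest's packet to 192.168.0.2:443 is already DNATed to 192.168.122.128, but the reply would go straight back to the client over the bridge with source 192.168.122.128, so the client never sees an answer from the address it connected to and resets the connection.

```shell
#!/bin/sh
# Hairpin (loopback) NAT for a libvirt NAT network. Addresses are taken from the
# question; the bridge name virbr0 is an assumption (check with "ip link").
HOST_EXT=192.168.0.2          # host's external address
HOST_INT=192.168.122.1        # host's address on the NAT network (the gateway)
GUEST=192.168.122.128         # VM that runs the service
GUEST_NET=192.168.122.0/24
BRIDGE=virbr0                 # assumed libvirt bridge name
PORT=443

# Prints the rules instead of applying them, so the script can be inspected or
# run without root. "-I" inserts the rules, "-D" removes them (hook "stopped").
hairpin_rules() {
    action=${1:--I}
    # 1. Forward the host's external address to the guest. PREROUTING sees
    #    packets from every interface, so this already matches guest traffic
    #    arriving on the bridge (same rule as in the question).
    echo "iptables -t nat $action PREROUTING -p tcp -d $HOST_EXT --dport $PORT -j DNAT --to-destination $GUEST:$PORT"
    # 2. The same forward for the gateway address, so 192.168.122.1:443 works
    #    from inside the NAT network too.
    echo "iptables -t nat $action PREROUTING -i $BRIDGE -p tcp -d $HOST_INT --dport $PORT -j DNAT --to-destination $GUEST:$PORT"
    # 3. Hairpin fix: for DNATed connections whose client sits on the guest
    #    subnet, rewrite the source to the host. The server then replies to the
    #    host, whose conntrack entry undoes both translations, instead of
    #    answering the client directly over the bridge from 192.168.122.128.
    echo "iptables -t nat $action POSTROUTING -s $GUEST_NET -d $GUEST -p tcp --dport $PORT -m conntrack --ctstate DNAT -j SNAT --to-source $HOST_INT"
    # 4. Accept the forwarded connection in FORWARD. libvirt already accepts
    #    bridge-to-bridge traffic; this covers the path from the LAN side.
    echo "iptables $action FORWARD -d $GUEST -p tcp --dport $PORT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT"
}

# Number of rules emitted, used by the self-check.
rule_count() { hairpin_rules "$1" | wc -l | tr -d ' '; }

case "${1:-print}" in
    apply)  hairpin_rules -I | sh ;;   # needs root
    remove) hairpin_rules -D | sh ;;   # needs root
    *)      hairpin_rules -I ;;        # default: just print the rules
esac
```

Run it with "apply" (as root) from the hook's start/started branch and with "remove" from the stopped branch; the SNAT rule is only applied to flows that were DNATed, so direct guest-to-guest connections to 192.168.122.128 are left untouched.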