Hi

Host: Fedora 23
Guest: CentOS 7.0
KVM/QEMU

Here is what I am trying to do.
Set up NAT on the host system (Fedora 23) so that the guest (CentOS 7.0) would be visible from outside (by other devices connected to the same router)
And then I intend to set up NAT on the router so that this guest machine would be visible to the world. In the following sense:
When you type in the public IP that has been assigned to my router in your web browser you can access the web server running on the CentOS machine.
And I would really like to use firewalld for this configuration on the host.

Here is what I have tried:

Host:192.168.1.137 : Zone public : masquerading on : interface enp9s0
Guest: 192.168.122.10 interface vibr0 port 80 is opened

net.ipv4.ip_forward=1 => /etc/sysctl.conf

sysctl -p

firewall-cmd --zone=public --add-forward-port=port=80roto=tcp:toport=80:toaddr=192.168.122.10

When I make a request via web browser to 192.168.1.137(HOST) form my phone on the same network I cannot reach the web server running on 192.168.122.10

Note:
I do understand that I am probably doing something extremely stupid, and I am kinda stuck, been going over the firewall-cmd command line documentation but it seams to be lacking in terms of examples for the NAT setup.

Thank you all for your time.

Double NAT'ing and triple NAT'ing on a network is never a good idea. Why don't you change the VM interface to a bridge and give the VM an IP address on the network? Then you can use guests firewall to control what it allowed to enter and what is not without worring about NAT'ing.

Also note that you do not have to use firewalld you can use iptables if that is what you are used to. Just google on how to switch from firewalld to iptables.

That is what I ended up doing.
May I ask why would a double NAT be a bad idea?

For starters troubleshooting. Another point of failure.