This is my VM network configuration on virt-manager:
And this is my VM ip a:
[root@fedora ~]# ip a
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:6a:95:5c brd ff:ff:ff:ff:ff:ff
inet 192.168.122.224/24 brd 192.168.122.255 scope global dynamic noprefixroute enp1s0
valid_lft 3242sec preferred_lft 3242sec
inet6 fe80::5054:ff:fe6a:955c/64 scope link noprefixroute
valid_lft forever preferred_lft forever
And this is my Host ip a:
17: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 52:54:00:f8:dc:89 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
Now I opened a server listening on port 8000 on my Host, and netstat shows:
$ netstat -and | grep 8000
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN
and several results of running firewall-cmd are:
$ firewall-cmd --list-all
FedoraWorkstation (active)
target: default
icmp-block-inversion: no
interfaces: br123 wlp1s0
sources:
services: dhcpv6-client mdns samba-client ssh
ports: 1025-65535/udp 1025-65535/tcp
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
$ firewall-cmd --list-ports
1025-65535/tcp 1025-65535/udp
$ firewall-cmd --add-port=8000/tcp
Warning: ALREADY_ENABLED: '8000:tcp' already in 'FedoraWorkstation'
success
$ firewall-cmd --list-ports
1025-65535/tcp 1025-65535/udp
I guess that now it would be accessible from VM to Host, on port 8000, but it is not:
[root@fedora ~]# nc 192.168.122.1 8000
Ncat: Connection refused.
[root@fedora ~]# nmap 192.168.122.1
Starting Nmap 7.93 ( https://nmap.org ) at 2022-09-27 10:19 CST
Nmap scan report for fedora (192.168.122.1)
Host is up (0.00030s latency).
Not shown: 987 filtered tcp ports (no-response), 11 filtered tcp ports (port-unreach)
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
MAC Address: 52:54:00:F8:DC:89 (QEMU virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 7.27 seconds
[root@fedora ~]# nc 192.168.122.1 22
SSH-2.0-OpenSSH_8.8
^C
[root@fedora ~]#
As shown, port 22 is open and accessible, but that is not true for 8000. This is weird.
@lruzicka Thanks for sharing your configuration, I think mine is not much different than yours, but I still got situations here.
@computersavvy As the command output shows, it seems my Host firewall has never made port 8000 accessible from outside, is my guess correct? If so, how can I make it accessible like port 22 and port 53?
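firewalld applies a zone's port list only to traffic arriving on interfaces bound to that zone, and the `--list-all` output in the post lists `br123` and `wlp1s0` but not `virbr0`. The following is an added example, not part of the original post: a shell function (the name `zone_check` and its return codes are made up for this example) that reads `firewall-cmd --list-all` text and reports whether a given interface and port are both covered by that zone.

```shell
#!/bin/sh
# Added example: inspect `firewall-cmd --list-all` text read from stdin.
# Return codes (chosen for this example):
#   0 = interface is bound to the zone and the port is in its "ports:" line
#   1 = interface is not bound to this zone (its port list does not apply)
#   2 = interface is bound, but the port is not in the "ports:" line
# Only the "ports:" line is checked; "services:" entries are not expanded.
zone_check() {
    awk -v iface="$1" -v port="${2%/*}" -v proto="${2#*/}" '
        $1 == "interfaces:" {
            for (i = 2; i <= NF; i++) if ($i == iface) bound = 1
        }
        $1 == "ports:" {
            for (i = 2; i <= NF; i++) {
                split($i, pp, "/")
                if (pp[2] != proto) continue
                # An entry is either a single port or a lo-hi range.
                n = split(pp[1], r, "-")
                lo = r[1] + 0
                hi = (n > 1 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) listed = 1
            }
        }
        END {
            if (!bound) exit 1
            if (!listed) exit 2
            exit 0
        }
    '
}

# Zone output as posted above, trimmed to the lines the check reads.
POSTED_ZONE='FedoraWorkstation (active)
  interfaces: br123 wlp1s0
  ports: 1025-65535/udp 1025-65535/tcp'

rc=0
printf '%s\n' "$POSTED_ZONE" | zone_check virbr0 8000/tcp || rc=$?
case $rc in
    0) echo "virbr0: bound to this zone, 8000/tcp listed" ;;
    1) echo "virbr0: not bound to this zone, its port list does not apply" ;;
    2) echo "virbr0: bound to this zone, 8000/tcp not listed" ;;
esac
```

On a live host, `firewall-cmd --get-zone-of-interface=virbr0` names the zone that governs the bridge, and piping that zone's `--list-all` output into `zone_check virbr0 8000/tcp` repeats the check there.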