Using nftables to forward HTTP(s) traffic to VM guest without masquerade

nat port-forwarding kvm-virtualization nftables masquerade

The following conditions must be fulfilled in order to VM be able to receive connections from outside:

  1. VM has a default route pointing to 192.168.122.1.
  2. Firewall has DNAT rule configured.

In your case, first one is likely missing. This results in VM network stack dropping the SYN-ACK packets sent by the TCP protocol. This happens because the client VM does not know where to forward the response packet.

Related

Out of memory at 72% usage
RAID 10 Cluster Size for SQL Dynamics AX Database
Android: setSelection having no effect on Spinner
What makes a static variable initialize only once?
Is Maven ready for JDK9?
Rails: Could not find railties
std::to_string - more than instance of overloaded function matches the argument list
Represent space and tab in XML tag?
Javascript - No 'Access-Control-Allow-Origin' header is present on the requested resource
MySQL order by "best match"
Default keyword in Swift parameter
Python Argparse conditionally required arguments