Port forwarding to libvirt guest stopped working in 10.4.0

Unfortunately I’ve very little knowledge of networks/firewall/… But still some time ago I managed to pass traffic to my virtual machine, so I could access services running inside from any device in my network. This worked quite well for the last few years, but now somehow stopped working. I still can get a connection to the host machine, but the forwarding to the guest no longer works. I didn’t change anything so I suspect some update broke it.

I read in the most recent update notes that libvirt changed firewall backends from iptables to nftables - I’ve little idea what consequences that might have. Could it be the reason for my problems? or any other idea, what might be going on?

Here’s what I did in the past and what was working:

/usr/sbin/iptables -I FORWARD -o virbr0 -d 192.168.122.200 -j ACCEPT
/usr/sbin/iptables -t nat -I PREROUTING -d 192.168.1.200 -p tcp --dport 5001 -j DNAT --to 192.168.122.200:5001
/usr/sbin/iptables -t nat -I PREROUTING -d 192.168.1.200 -p tcp --dport 9000 -j DNAT --to 192.168.122.200:9000
/usr/sbin/ip address add 192.168.1.200/24 dev enp7s0

Currently I can access the guest from the host machine via 192.168.122.200:5001, so this is working. I can also access services on my host from the other devices (e.g. 192.168.1.200:80), so this is working as well.

I already tried changing /usr/sbin/iptables to /usr/sbin/iptables-nft but that didn’t change anything.

Update: I’ve established that it is an update-problem. After downgrading to libvirt 10.3.0 it worked again. Going back to 10.4.0 it breaks.