How to enable inbound/outbound traffic with no restrictions to a VM

[LavBU]

System Information

Linux distribution

Centos7

Terraform version

terraform -v

Terraform v1.3.9
on linux_amd64
+ provider registry.terraform.io/dmacvicar/libvirt v0.7.1
+ provider registry.terraform.io/hashicorp/template v2.2.0

Provider and libvirt versions

terraform-provider-libvirt -version

libvirtd (libvirt) 4.5.0

__

Description of Issue/Question

I deploy a VM with no issues. but have issues with the network connection to it as follows:

When using Bridge mode:

• VM inbound: Traffic is only allowed from the VM subnet network to the VM server.
• VM outbound: Traffic is only allowed from the VM server to the VM subnet network
• It means that I can't ping/SSH the VM if my source server is on a different network (but I can reach that VM host).

When using NAT mode:

• VM inbound: Traffic allowed, only from the Physical Host to VM
• VM outbound: The VM can ping/SSH to any address
• It means that I can't ping/SSH the VM if my source server is on a different network (but I can reach that VM host).

I notice that when using "nat" mode, the physical host gets iptables roles which block the connections. but even if deleting iptables rules, the connections are still blocked.

Setup

Relevant main.tf part (in nat mode):

resource "libvirt_network" "vm_main_network" {
  name = "${var.VM_HOSTNAME}_network"
  mode = "nat"
  domain = "${var.VM_HOSTNAME}.local"
  addresses = ["${var.VM_MAIN_RANGE}"]
  dhcp {
   enabled = false
  }
  dns {
   enabled = true
  }
}

resource "libvirt_domain" "vm" {
  count = var.VM_COUNT
  name = "${var.VM_HOSTNAME}-${count.index}"
  memory = var.VMEM
  vcpu = var.VCPU
  cloudinit = "${libvirt_cloudinit_disk.cloudinit.id}"
  network_interface {
    network_id = "${libvirt_network.vm_main_network.id}"
    network_name = "${libvirt_network.vm_main_network.name}"
    addresses      = ["${var.IP_MAIN}"]
  }

---

Additional information:

I'm trying to find a way, which will allows me to reach the new deployed VM from any server on my network (which has a route to the VM physical host) as well to be able to connect any server from inside the VM.

Appreciate any help.

Thanks, Lavi

[LavBU]

I used a wrong default gateway. in bridge mode inbound and outbound traffic is working with no restrictions.