On host: $ ip a|grep wl 3: wlp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 inet 192.168.1.100/24 ...
Using: virt-manager > Edit > Connection Details > Virtual Networks > Add network Mode: Routed Network: 192.168.200.0/24 Accept default DHCP range Forward to: physical device Device: wlp1s0 [this is my physical wifi card] Then: $ sudo sysctl -w net.ipv4.ip_forward=1 Then check: $ ip link <snip> 6: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000 link/ether 52:54:00:54:ed:48 brd ff:ff:ff:ff:ff:ff 7: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master virbr0 state UNKNOWN mode DEFAULT group default qlen 1000 link/ether fe:54:00:9b:a7:8e brd ff:ff:ff:ff:ff:ff Start VM, check DHCP address assigned On VM guest: $ ip a|grep enp 2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 inet 192.168.200.151/24 ... At this point (with firewalls temporarily off) I was able to ssh to and from host and VM guest using their respective IP addresses. After adding a static route on my wireless router: 192.168.200.0/24 via 192.168.1.100 (to paraphrase the web form) I installed apache2 on the VM guest and was able to access http://192.168.200.151 from my phone over wifi, and websites on the host from the VM guest. Firewalld actived on host with ssh and https services allowed - ssh and web browsing worked as before. No nf/iptables jiggery-pokery, but static route on router required. Perhaps not the most efficient solution, but I try to avoid too many firewall rules because they make my head spin :) Don't think I've omitted any steps. Does that help? Best wishes, Gareth