# ensure requests get routed from libvirt VMs to service
# running as regular user on 127.0.0.1:8080

sysctl -w net.ipv4.conf.virbr0.route_localnet=1

iptables -t nat -A PREROUTING -i virbr0 \
  -p tcp -m tcp -d 169.254.169.254/32 --dport 80 \
  -j DNAT --to-destination 127.0.0.1:8080

ippatbles -i virbr0 -p tcp -m tcp \
  -s 192.168.122.0/24 -d 127.0.0.1/32  \
  --dport 8080 -j ACCEPT