Hello!
This summer I worked through the Google Summer of Code on implementing automatic port forwarding for Qubes, either external and internal. Although the development has proven for me to be more complex than expected, thanks also to the mentoring of @marmarek and @fepitre we have come to a good point. Although the full implementation is yet to be finished and merged, partly due to the mixed state of the networking stack for Qubes 4.0.x, we would like to see this fully working and merged for future releases.
Help from the community, especially from whom has good networking skills, especially in dealing with nft as well as testers would be greatly appreciated.
Here are the draft pull requests:
The code works for the add, export and deletion of rules through the qvm-firewall utility.
As part of the GSoC i wrote some documentation to help advanced users troubleshoot, debug and develop for Qubes and I suggest everyone who would like to learn a bit of internals to read it. It also explain the design choices and the supposed inner workings of the port forwarding.