linux

Port forwarding to a virtual machine, configure a firewall?

There is a server (piece of iron), it costs the provider, there is only one external IP, it is no longer possible. The server has kvm-qemu and nat. The cable is plugged into eth0 and the virtual machines sit on br0 (br0:0), at the hardware node ip XXX.XXX.XXX.XXX and 192.168.0.1. Sites are spinning on virtual machines, and through nginx they are given out. Nginx is running on a hardware node. Now, to get into the virtual machine, you first need to go via ssh to the hardware node, and from there ssh [email protected], which is not very convenient. As I understand it, you can forward ports, for example 100,200,300, so that you can access virtual machines via sssh like this - [email protected]:100 [email protected]:200 [email protected]:300, and also forward port 80 to some kind of virtual machine, and move the indzhayniks there. What is the best way to do this? I don’t want to experiment, because if you lose control over sssh, then this is not very good. And you have to do it quickly. There is no time to understand thoroughly. Thank you.