Comment 3 for bug 1578277

It's known limitation, traffic to NATed networks can't be routed, see libvirt docs [0]:

[forward]
[nat]
...
"Inbound connections from other networks are all prohibited; all connections between guests on the same network, and to/from the host to the guests, are unrestricted and not NATed"

If you want to create networks for multirack environment, please use 'route' forward mode. In case you need to provide Internet access via such networks, you should manually add custom iptables rules for SNAT.

[0] https://libvirt.org/formatnetwork.html#elementsMetadata