Assigning public IP address to a VM hosted on a server behind NAT

I have a pool of public IP addresses (95.xxx.xxx.196 - 254). I also have a server hosting KVM machines. It has a private IP address 10.0.0.1 which is NATed by the router to the 95.xxx.xxx.200 address so that it's available to the Internet using this public IP.

VMs hosted on it are routed the same way - my MikroTik router binds 10.0.0.xxx addresses to 95.xxx.xxx.xxx and it works (meaning I can access my VMs from the Internet). Now I want to assign one of the VMs a public IP directly. It needs to work somewhat like for example a VPS hosted at OVH - you log into the server by SSH and running ip -a shows only one interface with a public IP - how to achieve the same with KVM?

I tried to assign an external IP address to the VM with gateway set to the host internal IP but it didn't work. Nobody could ping it, including the host.

How to set up KVM, the host server, and the router to assign a public IP to the virtual machine (like on a VPS)?

The problem is that you define a route for packets from your VM via the host, but there is no corresponding route from the internet to your VM's IP address.

You have two options:

1. Set up your MikroTik as a bridge, so that both inside and internet facing networks have public internet addresses. This means that you need another setup to give VMs private addresses.

2. Tell your ISP to route packets destined for the VM via your host's IP address.