I have a Windows Server 2012 KVM Guest on a Linux Server. Guest VM use Private IP. To access Remote Desktop of this VM from Internet, we need to make TCP and UDP port 3389 available to public. Since KVM Node (CentOS Server) do not use port 3389, we can setup port forwarding, so connection to port 3389 get forwarded to KVM Guest Private IP.

To do this, run

virsh shutdown vm1
virsh edit vm1

Find

<domain type='kvm'>

Replace with

<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>

Find

<interface type='network'>

Replace With

<interface type='user'>

Find

</domain>

Add above

  <qemu:commandline>
    <qemu:arg value='-redir'/>
    <qemu:arg value='tcp:3389::3389'/>
    <qemu:arg value='-redir'/>
    <qemu:arg value='udp:3389::3389'/>
  </qemu:commandline>

Since RDP use port 3389 UDP and TCP, we have to add two redirects in our config.

Save and exit. Start VM.

virsh start vm1

Now you will be able to connect to KVM Node (Host) main IP like it is a Windows Server.

Here is full config for my KVM Windows Guest

[root@backup ~]# virsh dumpxml vm1
<domain type='kvm' id='8' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
  <name>vm1</name>
  <uuid>1273c4f1-e9e0-73c7-c88e-01c821259a97</uuid>
  <memory unit='KiB'>4194304</memory>
  <currentMemory unit='KiB'>4194304</currentMemory>
  <vcpu placement='static'>4</vcpu>
  <os>
    <type arch='x86_64' machine='rhel6.6.0'>hvm</type>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <pae/>
  </features>
  <clock offset='localtime'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <emulator>/usr/libexec/qemu-kvm</emulator>
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw'/>
      <source file='/var/lib/libvirt/images/vm1.img'/>
      <target dev='hda' bus='ide'/>
      <alias name='ide0-0-0'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>
    <disk type='file' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <source file='/var/lib/libvirt/images/win2012.iso'/>
      <target dev='hdc' bus='ide'/>
      <readonly/>
      <alias name='ide0-1-0'/>
      <address type='drive' controller='0' bus='1' target='0' unit='0'/>
    </disk>
    <controller type='usb' index='0'>
      <alias name='usb0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
    </controller>
    <controller type='ide' index='0'>
      <alias name='ide0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
    </controller>
    <interface type='user'>
      <mac address='52:54:00:fa:9e:e8'/>
      <alias name='net0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
    <serial type='pty'>
      <source path='/dev/pts/0'/>
      <target port='0'/>
      <alias name='serial0'/>
    </serial>
    <console type='pty' tty='/dev/pts/0'>
      <source path='/dev/pts/0'/>
      <target type='serial' port='0'/>
      <alias name='serial0'/>
    </console>
    <input type='tablet' bus='usb'>
      <alias name='input0'/>
    </input>
    <input type='mouse' bus='ps2'/>
    <graphics type='vnc' port='5900' autoport='yes' listen='127.0.0.1'>
      <listen type='address' address='127.0.0.1'/>
    </graphics>
    <video>
      <model type='vga' vram='9216' heads='1'/>
      <alias name='video0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </video>
    <memballoon model='virtio'>
      <alias name='balloon0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
    </memballoon>
  </devices>
  <qemu:commandline>
    <qemu:arg value='-redir'/>
    <qemu:arg value='tcp:3389::3389'/>
    <qemu:arg value='-redir'/>
    <qemu:arg value='udp:3389::3389'/>
  </qemu:commandline>
</domain>

[root@backup ~]#