NAT to Unmanaged Bridge

Host:
Ubuntu 20.04
LXD 4.18
Netplan:

network:
  version: 2
  renderer: networkd
  ethernets:
    eno1:
      addresses:
          - 175.216.215.2/28
          - 175.216.215.6/28
          - 175.216.215.8/28
          # - more/28
      gateway4: 175.216.215.1
      #routes:
      #- to: 0.0.0.0/0
      #  via: 175.216.215.1
      nameservers:
          addresses: [8.8.8.8, 1.1.1.1]

Dnssmasq over 2 brctl bridges (unmanaged):
lxdbr0 10.0.4.0/22 and br3 192.168.100.0/22.

ip r
default via 175.216.215.1 dev eno1 proto static
10.0.4.0/22 dev lxdbr0 proto kernel scope link src 10.0.4.1
175.216.215.0/28 dev eno1 proto kernel scope link src 175.216.215.2
192.168.100.0/22 dev br3 proto kernel scope link src 192.168.100.1

Container:
obtains IPs from two bridges dnsmasq:
±-------±--------±----------------------±-----±----------±----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
±-------±--------±----------------------±-----±----------±----------+
|cont-1 | RUNNING | 192.168.100.61 (eth1) | | CONTAINER | 0 |
| | | 10.0.5.61 (eth0) | | | |

Netplan:

 network:
   version: 2
   ethernets:
     eth0: {dhcp4: true}
     eth1: {dhcp4: true}
ip r
default via 192.168.100.1 dev eth1 proto dhcp src 192.168.100.61 metric 100
default via 10.0.4.1 dev eth0 proto dhcp src 10.0.5.61 metric 100
10.0.4.0/22 dev eth0 proto kernel scope link src 10.0.5.61
10.0.4.1 dev eth0 proto dhcp scope link src 10.0.5.61 metric 100
192.168.100.0/22 dev eth1 proto kernel scope link src 192.168.100.61
192.168.100.1 dev eth1 proto dhcp scope link src 192.168.100.61 metric 100

IP tables:
*mangle
:PREROUTING ACCEPT [74407341:78538397870]
:INPUT ACCEPT [7724778:565291489]
:FORWARD ACCEPT [66647413:77970838394]
:OUTPUT ACCEPT [1446594:71729263238]
:POSTROUTING ACCEPT [68094007:149700101632]
-A POSTROUTING -o br3 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -o lxdbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill

COMMIT

*nat
:PREROUTING ACCEPT [46707:3305360]
:INPUT ACCEPT [11461:1032429]
:OUTPUT ACCEPT [232:18685]
:POSTROUTING ACCEPT [23046:1323477]

-A PREROUTING -d 175.216.215.6/32 -j DNAT --to-destination 192.168.100.61
-A PREROUTING -d 175.216.215.8/32 -j DNAT --to-destination 192.168.100.61

-A POSTROUTING -s 192.168.100.61/32 -j SNAT --to-source 185.216.215.6
-A POSTROUTING -s 192.168.100.61/32 -j SNAT --to-source 185.216.215.8

-A POSTROUTING -s 192.168.100.0/22 ! -d 192.168.100.0/22 -j MASQUERADE
-A POSTROUTING -s 10.0.4.0/22 ! -d 10.0.4.0/22 -j MASQUERADE
COMMIT

*filter
:INPUT ACCEPT [7723989:565224415]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1445815:71729120355]
-A INPUT -i br3 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i br3 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i br3 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i lxdbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i lxdbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i lxdbr0 -p udp -m udp --dport 67 -j ACCEPT
-A FORWARD -o br3 -j ACCEPT
-A FORWARD -i br3 -j ACCEPT
-A FORWARD -o lxdbr0 -j ACCEPT
-A FORWARD -i lxdbr0 -j ACCEPT
-A OUTPUT -o br3 -p tcp -m tcp --sport 53 -j ACCEPT
-A OUTPUT -o br3 -p udp -m udp --sport 53 -j ACCEPT
-A OUTPUT -o br3 -p udp -m udp --sport 67 -j ACCEPT
-A OUTPUT -o lxdbr0 -p tcp -m tcp --sport 53 -j ACCEPT
-A OUTPUT -o lxdbr0 -p udp -m udp --sport 53 -j ACCEPT
-A OUTPUT -o lxdbr0 -p udp -m udp --sport 67 -j ACCEPT
COMMIT

Now one IP is mapping to the container and the other ip doesn’t map.
Something is blocking the IP of being mapped to the container IP.
Old containers with same ip rules work, whenever creating a new container, public IP from outside pingable, but do not forward to container ports.

Above configuration has been around and had worked till recently (possibly through dist upgrade 18.04 to 21.04).
Is there an easier way to route all internet traffic from public IP to container IP, or just selected ports forwarding?
I saw the introduction of Floating IP addresses
Does it work on unmanaged bridges as well?
Unmanaged, because managed LXD is making its own entries in ip tables which sometime interfere with other config as well as not easy to control the dnsmasq config. Running multiple dnsmasq instances with each own config, resolve, hostsfile is easier than passing all those 50+ dnsmasq config parameters through lxd dnsmasq service initialize.