I have exactly the same issue on a new Bitwarden install on Centos 9 Stream. 502 errors on nginx and docker ps showing unhealthy for admin and sso containers.
I have tried “firewall-cmd --zone=public --add-masquerade --permanent” and can see that masquerade is enabled, but the problem persists.
The only way I can get everything to work correctly is with firewalld disabled.
I want to use fail2ban, but this does not block any IP addresses without the firewall running.
Does anyone know the root cause of this issue and managed to actually get this working on Centos 9 Stream? If so, any pointers would be really appreciated.