<div dir="ltr">Quick question for anyone in the know: I have a fairly basic setup (at least I think it is?) with an openvswitch, and the br0 port has an IP assigned in the same subnet as the VM to act as a gateway. <div>              |------ovs-------|</div><div>eno2 <-- |--br0             |</div><div>              |--vnet0 - VM  |</div><div>              |------------------|</div><div><br><div><br></div><div>I would like the VM (vnet0) to use br0 as a gateway, which local connectivity wise seems fine, but the internet is a bit odd. I can ping, for example, 1.1.1.1 dns without any issues, but anything udp/tcp is a no go. </div><div><br></div><div>I checked the physical host's interface (eno2) and br0 to find that the VM's packets were successfully heading to br0, but when leaving the physical host (eno2) the tcp/udp packets weren't being masqueraded. The rule is pretty straightforward, and to test I plugged another device into the eno1 afxdp port and had no connectivity issues and packets were being masqueraded fine.</div><div><br></div><div>I tried to set <span style="background-color:rgb(238,238,238);color:rgb(0,0,0);font-family:LibvirtOverpassMono;font-size:14.4px">trustGuestRxFilters='yes'</span> but that didn't work and the same state remained; the only thing that worked was using the "rtl8139" model type.</div><div><br></div><div>I always remember using 'virtio' in the past and I must be missing something crucial in the somewhat lengthy libvirt documentation.</div><div><br></div><div>Would be super helpful if someone can shed some light on this, and possibly if I should be using virtio or the realtek driver?</div><div><br></div><div>Thanks! (config below)</div><div><br></div><div>





<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Iptables:</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><br></span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">sudo iptables -t nat -A POSTROUTING -o eno2 -j MASQUERADE</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><br></span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><br></p><div>ovs-vsctl show</div><div><br></div>





<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ec13c3e2-6159-4019-984e-36cc90c59075</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">    </span>Bridge br0</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">        </span>fail_mode: standalone</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">        </span>datapath_type: netdev</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">        </span>Port vnet0</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">            </span>Interface vnet0</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">        </span>Port eno1</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">            </span>Interface eno1</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">                </span>type: afxdp</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">        </span>Port br0</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">            </span>Interface br0</span></p>
<div><span class="gmail-Apple-converted-space" style="font-variant-ligatures:no-common-ligatures;color:rgb(0,0,0);font-family:Menlo;font-size:11px">                </span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(0,0,0);font-family:Menlo;font-size:11px">type: internal</span>  <div><br></div><div>instance domain xml</div><div><interface type='bridge'><br>      <mac address='52:54:00:77:fc:70'/><br>      <source bridge='br0'/><br>      <virtualport type='openvswitch'><br>        <parameters interfaceid='2124ef39-e244-434c-8339-d2aa04d0d888'/><br>      </virtualport><br>      <model type='virtio'/> #rtl8139 works.<br>      <address type='pci' domain='0x0000' bus='0x02' slot='0x01' function='0x0'/><br>    </interface></div></div></div></div></div>
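The check described in the message (seeing which traffic leaves eno2 without being masqueraded), as an added example that is not part of the original post: it reads `tcpdump -n -q -i eno2` text output and reports, per protocol, whether outbound packets still carry a VM-subnet source address. The VM subnet `192.168.100.0/24`, the eno2 address `203.0.113.10` and the capture lines are constructed placeholders, since the post does not give them.

```python
import ipaddress
import re
from collections import Counter

# Matches `tcpdump -n -q` lines such as
#   12:00:02.000001 IP 192.168.100.10.40000 > 1.1.1.1.443: tcp 0
LINE = re.compile(
    r"\bIP (?P<src>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?: (?P<proto>\w+)"
)

# Constructed capture reproducing the reported symptom on the egress NIC:
# ICMP leaves with the host address, TCP/UDP leave with the VM address.
SAMPLE = """\
12:00:01.000001 IP 203.0.113.10 > 1.1.1.1: ICMP echo request, id 7, seq 1, length 64
12:00:01.010001 IP 1.1.1.1 > 203.0.113.10: ICMP echo reply, id 7, seq 1, length 64
12:00:02.000001 IP 192.168.100.10.40000 > 1.1.1.1.443: tcp 0
12:00:03.000001 IP 192.168.100.10.40000 > 1.1.1.1.443: tcp 0
12:00:04.000001 IP 192.168.100.10.51514 > 1.1.1.1.53: UDP, length 32
""".splitlines()


def leaked_by_proto(capture_lines, vm_net, host_ip):
    """Per protocol, count outbound packets as 'translated' or 'leaked'."""
    net = ipaddress.ip_network(vm_net)
    host = ipaddress.ip_address(host_ip)
    stats = {}
    for line in capture_lines:
        m = LINE.search(line)
        if not m:
            continue  # ARP, IPv6, or anything not in the expected format
        src = ipaddress.ip_address(m["src"])
        if src != host and src not in net:
            continue  # inbound reply, not egress traffic
        verdict = "leaked" if src in net else "translated"
        stats.setdefault(m["proto"].lower(), Counter())[verdict] += 1
    return stats


def protocols_bypassing_nat(stats):
    """Protocols for which at least one packet left with a VM-subnet source."""
    return sorted(p for p, c in stats.items() if c["leaked"] > 0)


if __name__ == "__main__":
    result = leaked_by_proto(SAMPLE, "192.168.100.0/24", "203.0.113.10")
    for proto, counts in sorted(result.items()):
        print(proto, dict(counts))
    print("not masqueraded:", protocols_bypassing_nat(result))
```

Running the same check against a capture taken with the `rtl8139` model gives a direct before/after comparison for the two NIC models mentioned in the post.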