virtio model type and netfilter masquerade not being applied

Brad Jennings d741242793 at gmail.com
Thu Mar 4 14:29:29 UTC 2021


Quick question for anyone in the know: I have a fairly basic setup (at
least I think it is?) with an openvswitch, and the br0 port has an IP
assigned in the same subnet as the VM to act as a gateway.
         |------ovs------|
eno2 <-- |--br0          |
         |--vnet0 - VM   |
         |---------------|


I would like the VM (vnet0) to use br0 as a gateway, which local
connectivity wise seems fine, but the internet is a bit odd. I can ping for
example 1.1.1.1 dns without any issues but anything udp/tcp is a no go.

I checked the physical host's interface (eno2) and br0 to find that the VM's
packets were successfully heading to br0 but when leaving the physical
host (eno2) the tcp/udp packets weren't being masqueraded. The rule is
pretty straightforward and to test I plugged another device into the eno1
afxdp port and had no connectivity issues and packets were being
masqueraded fine.

I tried to set trustGuestRxFilters='yes' but that didn't work and the same
state remained, the only thing that worked was using the "rtl8139" model
type.

I always remember using 'virtio' in the past and I must be missing
something crucial in the somewhat lengthy libvirt documentation.

Would be super helpful if someone can shed some light on this, and
possibly if I should be using virtio or the realtek driver?

Thanks! (config below)

Iptables:

sudo iptables -t nat -A POSTROUTING -o eno2 -j MASQUERADE

ovs-vsctl show

ec13c3e2-6159-4019-984e-36cc90c59075
    Bridge br0
        fail_mode: standalone
        datapath_type: netdev
        Port vnet0
            Interface vnet0
        Port eno1
            Interface eno1
                type: afxdp
        Port br0
            Interface br0
                type: internal

instance domain xml

<interface type='bridge'>
  <mac address='52:54:00:77:fc:70'/>
  <source bridge='br0'/>
  <virtualport type='openvswitch'>
    <parameters interfaceid='2124ef39-e244-434c-8339-d2aa04d0d888'/>
  </virtualport>
  <model type='virtio'/> <!-- rtl8139 works. -->
  <address type='pci' domain='0x0000' bus='0x02' slot='0x01' function='0x0'/>
</interface>
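
Added example, not part of the original post: one way to repeat the eno2 check described in the message, counting per protocol how many outbound packets still carry the guest's source address instead of the host's. The function names masq_report and sample_capture, the guest address 192.168.50.10 and the host address 203.0.113.5 are assumptions made for the example, and the capture lines are constructed to mirror the symptom reported above.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `tcpdump -nn -q` text on
# stdin and counts, per protocol, packets whose source is still the guest's
# address (NAT not applied) versus the host's address (NAT applied).
# Live use: tcpdump -nn -q -i eno2 -c 200 ip | masq_report VM_IP HOST_IP
masq_report() {
    awk -v vm="$1" -v host="$2" '
    $2 == "IP" && $4 == ">" {
        # SRC is a.b.c.d for ICMP and a.b.c.d.port for TCP/UDP; keep 4 octets.
        n = split($3, o, ".")
        if (n < 4) next
        src = o[1] "." o[2] "." o[3] "." o[4]
        # Field 6 is the first token after "DST:" in -q output.
        p = tolower($6); sub(/,$/, "", p)
        if (p != "icmp" && p != "tcp" && p != "udp") p = "other"
        if (src == vm)        leaked[p]++
        else if (src == host) natted[p]++
        else next             # inbound reply or unrelated traffic
        seen[p] = 1
    }
    END {
        split("icmp tcp udp other", order, " ")
        for (i = 1; i <= 4; i++) {
            p = order[i]
            if (p in seen)
                printf "%s leaked=%d translated=%d\n", p, leaked[p], natted[p]
        }
    }'
}

# Constructed capture lines (assumed addresses): ICMP leaves with the host
# address, TCP and UDP leave with the guest address.
sample_capture() {
    cat <<'EOF'
14:29:01.000001 IP 203.0.113.5 > 1.1.1.1: ICMP echo request, id 7, seq 1, length 64
14:29:01.010001 IP 1.1.1.1 > 203.0.113.5: ICMP echo reply, id 7, seq 1, length 64
14:29:02.000001 IP 192.168.50.10.40000 > 198.51.100.7.443: tcp 0
14:29:03.000001 IP 192.168.50.10.40000 > 198.51.100.7.443: tcp 0
14:29:04.000001 IP 192.168.50.10.51514 > 1.1.1.1.53: UDP, length 40
EOF
}

sample_capture | masq_report 192.168.50.10 203.0.113.5
```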