Quick question for anyone in the know: I have a fairly basic setup (at least I think it is?) with an openvswitch, and the br0 port has an IP assigned in the same subnet as the VM to act as a gateway.

         |------ovs------|
eno2 <-- |--br0          |
         |--vnet0 - VM   |
         |---------------|


I would like the VM (vnet0) to use br0 as a gateway, which local-connectivity-wise seems fine, but the internet is a bit odd. I can ping, for example, 1.1.1.1 DNS without any issues, but anything UDP/TCP is a no go.

I checked the physical host's interface (eno2) and br0 to find that the VM's packets were successfully heading to br0, but when leaving the physical host (eno2) the TCP/UDP packets weren't being masqueraded. The rule is pretty straightforward, and to test I plugged another device into the eno1 afxdp port and had no connectivity issues, and packets were being masqueraded fine.

I tried to set trustGuestRxFilters='yes' but that didn't work and the same state remained; the only thing that worked was using the "rtl8139" model type.

I always remember using 'virtio' in the past and I must be missing something crucial in the somewhat lengthy libvirt documentation.

Would be super helpful if someone can shed some light on this, and possibly if I should be using virtio or the Realtek driver?

Thanks! (config below)

Iptables:

sudo iptables -t nat -A POSTROUTING -o eno2 -j MASQUERADE

ovs-vsctl show

ec13c3e2-6159-4019-984e-36cc90c59075
    Bridge br0
        fail_mode: standalone
        datapath_type: netdev
        Port vnet0
            Interface vnet0
        Port eno1
            Interface eno1
                type: afxdp
        Port br0
            Interface br0
                type: internal

instance domain xml

<interface type='bridge'>
  <mac address='52:54:00:77:fc:70'/>
  <source bridge='br0'/>
  <virtualport type='openvswitch'>
    <parameters interfaceid='2124ef39-e244-434c-8339-d2aa04d0d888'/>
  </virtualport>
  <model type='virtio'/> <!-- rtl8139 works. -->
  <address type='pci' domain='0x0000' bus='0x02' slot='0x01' function='0x0'/>
</interface>