KVM Ubuntu Guest cannot connect to the internet on bridged networking

I have Ubuntu 14.04 (64 bits) + KVM Host with 2 NICs:
- eth0 connected to the "public" network
- eth1 connected to the br0 bridge with a private ip address range

From Host I can access internet, ping VM Guest and connect to it via SSH.
From VM Guest I can only ping Host, but cannot access Internet and cannot ping google.com

Please help me with connecting VM Guest to the internet in the setup described below:

---

On Host:

/etc/network/interfaces

 auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 192.168.2.60 netmask 255.255.255.0 gateway 192.168.2.254 dns-nameservers 8.8.8.8 auto eth1 iface eth1 inet manual auto br0 iface br0 inet static address 10.0.0.1 netmask 255.255.255.0 bridge_ports eth1 bridge_stp off bridge_maxwait 0 bridge_fd 0 # Create and destroy the bridge automatically. pre-up brctl addbr br0 ip link set dev br0 up post-up /usr/sbin/brctl setfd br0 0 addif br0 eth1 post-down brctl delbr br0 

---

KVM Network is defined as:

<network> <name>br0-net</name> <uuid>9d24b473-0b4d-4cfa-8b12-7bf267d856ae</uuid> <forward mode='bridge'/> <bridge name='br0'/> </network> 

---

# sysctl -p /etc/sysctl.conf

 net.ipv4.ip_forward = 1 net.bridge.bridge-nf-call-ip6tables = 0 net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-arptables = 0 

---

# route -n

 Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.2.254 0.0.0.0 UG 0 0 0 eth0 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 

# iptables -t nat -vnL

 Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 

---

On VM Guest:

/etc/network/interfaces

 auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 10.0.0.11 netmask 255.255.255.0 

---

Guest xml is defined as

<interface type='bridge'> <mac address='52:54:00:6b:93:69'/> <source bridge='br0'/> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/> </interface> 

---

# route -n

 Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth0 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 

# iptables -t nat -vnL

 Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 

Ping KVM Host from Guest does work for 10.0.0.1 and 192.168.2.60:

$ ping 10.0.0.1

 PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data. 64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.555 ms 

$ ping 192.168.2.60

 PING 192.168.2.60 (192.168.2.60) 56(84) bytes of data. 64 bytes from 192.168.2.60: icmp_seq=1 ttl=64 time=0.772 ms 

Ping a different computer 192.168.2.3 from Guest does not work:

 --- 192.168.2.3 ping statistics --- 277 packets transmitted, 0 received, 100% packet loss, time 276399ms 

Ping google.com from Guest does not work:

 ping: unknown host google.com