ifconfig

eth0      Link encap:Ethernet  HWaddr 54:04:a6:3d:36:ff  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:3300 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3300 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:950771 (950.7 KB)  TX bytes:950771 (950.7 KB)

wlan0     Link encap:Ethernet  HWaddr 30:5a:3a:60:5d:c0  
          inet addr:192.168.0.105  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::7cf4:8ce5:ba7c:8fd3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1553 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1223 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1007907 (1.0 MB)  TX bytes:524507 (524.5 KB)

Question

I've set up networking interface bridge0 for my QEMU Windows guest, enabled it with command line

brctl addbr bridge0

qemu .. -netdev bridge,br=bridge0,id=net0 -device virtio-net-pci,netdev=net0

(and allowed bridge0 in /etc/qemu/bridge.conf).

With this setting, the QEMU guest can't access the Internet. For example, on the host, pinging via that bridge doesn't work:

ping -I bridge0 8.8.8.8

If I try to add my WiFi card (with a working connection) to the bridge:

brctl addif bridge0 wlan0

I get the "Operation not supported" error. I see many messages on the web saying it's not possible. But how do I work around this?

I need to use a bridge to apply custom iptables rules to my guests' network connections.

What should I do to let my bridge use the WiFi internet connection?

How can I involve iptables to solve my problem? How do I create a sub-NAT for my bridge to control guests?

Croll
  • The bridge won't work. The guest is not a client of the access point, so the access point won't send its packets onto the WiFi network. – David Schwartz Oct 10 '16 at 10:52

2 Answers

Let libvirt handle this. Libvirt has a default NAT network that will handle all of your forwarding, masquerading, and addressing for you. This NAT network comes pre-configured in libvirt deployments, and is literally named "default". The NAT is the most reasonable way to get internet access into a VM over a WiFi connection.

Also, you can almost never use WiFi as a bridge. First, because the host interfaces usually don't support it. Second, because almost all wireless access points will see a second MAC address (from your VM) coming in on your WiFi connection as a spoofing attempt, and de-authenticate you.

You can use virsh and virt-install to manage libvirt via the command line. You can also use virt-manager to manage libvirt via a GUI similar to the way the vSphere client works for ESXi. Both of these management frontends can connect to remote hosts. There are far more management tools than this, and just about any will work for you. virt-manager is potentially the easiest to use.

More on libvirt networking: http://wiki.libvirt.org/page/Networking

Some libvirt management tools (including those already mentioned): http://www.linux-kvm.org/page/Management_Tools

A usage guide for virsh: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Virtualization_Deployment_and_Administration_Guide/chap-Managing_guest_virtual_machines_with_virsh.html

Spooler
  • Like @SmallLoanOf1M said, bridge is not supported by most wifi devices. The workaround, in this case, is to use a NIC that supports bridge. If you can find a wifi device that will, congrats and good for you. Perhaps a device that talks on a wireless network and plugs into an ethernet port on your system? – 0xSheepdog Oct 09 '16 at 15:35
  • I am trying to use virsh-net without virt-manager and virsh itself, but no success. I have to use `qemu` binary to run virtual machine. – Croll Oct 09 '16 at 16:09
  • Why are you using qemu directly rather than virsh with xml definitions? – Spooler Oct 09 '16 at 16:20
  • Wouldn't it be better to link to [current documentation](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Virtualization_Deployment_and_Administration_Guide/chap-Managing_guest_virtual_machines_with_virsh.html) than ancient documentation? – Michael Hampton Oct 09 '16 at 16:57
  • An excellent point. – Spooler Oct 09 '16 at 19:47
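
What the NAT approach from this answer looks like when QEMU is started by hand rather than through libvirt, as an added example (not code from the answer or from libvirt): bridge0 stays a host-only bridge with its own subnet, wlan0 is never enslaved to it, and the host routes and masquerades guest traffic out wlan0. The subnet 10.0.77.0/24, the gateway 10.0.77.1 and the function name `guest_nat_cmds` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: routed NAT for a QEMU bridge whose uplink is WiFi.
# Assumed values (not from the page): subnet 10.0.77.0/24, gateway 10.0.77.1.
# bridge0 is assumed to exist already (the question's "brctl addbr bridge0").

# Print the host-side commands; this function executes nothing itself.
# $1 = bridge, $2 = uplink interface, $3 = guest subnet, $4 = gateway/prefix
guest_nat_cmds() {
    br=$1; up=$2; net=$3; gw=$4
    # The output may be piped to a shell, so refuse anything that is not
    # a plain interface name or a dotted address with a prefix length.
    case "$br$up" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    case "$net$gw" in
        ''|*[!0-9./]*) echo "bad subnet or gateway" >&2; return 1 ;;
    esac
    cat <<EOF
ip addr add $gw dev $br
ip link set $br up
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $net -o $up -j MASQUERADE
iptables -A FORWARD -i $up -o $br -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $br -o $up -s $net -j ACCEPT
iptables -A FORWARD -i $br -j DROP
EOF
}

# Dry run by default: print the commands for review.
# Set APPLY=1 and run as root to execute them, stopping at the first error.
if [ "${APPLY:-0}" = 1 ]; then
    guest_nat_cmds bridge0 wlan0 10.0.77.0/24 10.0.77.1/24 | sh -e
else
    guest_nat_cmds bridge0 wlan0 10.0.77.0/24 10.0.77.1/24
fi
```

Guest-to-uplink traffic is routed here, so custom per-guest rules belong in the FORWARD chain ahead of the ACCEPT rule; traffic between two guests on bridge0 is bridged and only reaches iptables if br_netfilter is loaded. The guest needs a static address in the subnet with 10.0.77.1 as its gateway, or a DHCP server listening on bridge0.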

A bridge should still be possible by using the wpa_supplicant, iw and brctl trio.

wpa_supplicant -B -b br0 -i wlan0 -c wpa.conf -Dwext

wpa_supplicant - Wi-Fi Protected Access client and IEEE 802.1X supplicant

  • -B Run daemon in the background.
  • -b br_ifname Optional bridge interface name. (Per interface)
  • -i ifname Interface to listen on
  • -c filename Path to configuration file.

wpa.conf - wpa_supplicant config file example:

network={
    ssid="MYSSID"
    psk="passphrase"
}

Enable 4-address mode when creating an interface. The wireless chip needs to support it (aka AP-to-Sta WDS).

  • iw dev wlan0 set 4addr on

Add interface to bridge:

  • brctl addif br0 wlan0
Michal Sokolowski