Nat – Wifi and bridge. No internet. Not supported

bridge, kvm-virtualization, nat, networking, wifi

ifconfig

eth0      Link encap:Ethernet  HWaddr 54:04:a6:3d:36:ff  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:3300 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3300 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:950771 (950.7 KB)  TX bytes:950771 (950.7 KB)

wlan0     Link encap:Ethernet  HWaddr 30:5a:3a:60:5d:c0  
          inet addr:192.168.0.105  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::7cf4:8ce5:ba7c:8fd3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1553 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1223 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1007907 (1.0 MB)  TX bytes:524507 (524.5 KB)

Question

I've set up a networking interface bridge0 for my QEMU Windows guest, and enabled it with the command line:

brctl addbr bridge0

qemu .. -netdev bridge,br=bridge0,id=net0 -device virtio-net-pci,netdev=net0

(and allowed bridge0 in /etc/qemu/bridge.conf).

With this setting, the QEMU guest can't access the Internet. For example, on the host, pinging via that bridge doesn't work:

ping -I bridge0 8.8.8.8

If I try to add my WiFi card (with a working connection) to the bridge:

brctl addif bridge0 wlan0

I get the "Operation not supported" error. I see many messages on the web saying it's not possible. But how do I work around this?

I need to use a bridge to apply custom iptables rules to my guests' network connections.

What should I do to let my bridge use the WiFi internet connection?

How can I involve iptables to solve my problem? How do I create a sub-NAT for my bridge to control guests?

Best Answer

Let libvirt handle this. Libvirt has a default NAT network that will handle all of your forwarding, masquerading, and addressing for you. This NAT network comes pre-configured in libvirt deployments, and is literally named "default". The NAT is the most reasonable way to get internet access into a VM over a WiFi connection.

Also, you can almost never use WiFi as a bridge. First, because the host interfaces usually don't support it. Second, because almost all wireless access points will see a second MAC address (from your VM) coming in on your WiFi connection as a spoofing attempt, and de-authenticate you.

You can use virsh and virt-install to manage libvirt via the command line. You can also use virt-manager to manage libvirt via a GUI similar to the way the vSphere client works for ESXi. Both of these management frontends can connect to remote hosts. There are far more management tools than this, and just about any will work for you. virt-manager is potentially the easiest to use.

More on libvirt networking: http://wiki.libvirt.org/page/Networking

Some libvirt management tools (including those already mentioned): http://www.linux-kvm.org/page/Management_Tools

A usage guide for virsh: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Virtualization_Deployment_and_Administration_Guide/chap-Managing_guest_virtual_machines_with_virsh.html
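
Added example (not part of the original question or answer, and not libvirt's own rules): the forwarding and masquerading the answer mentions, written out by hand for the asker's bridge0 behind wlan0 so that guest traffic passes through an iptables chain the host controls. The guest subnet 10.0.100.0/24, the chain name GUESTS and the allowed ports are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Emits (does not apply) a NAT
# ruleset in iptables-restore format for a guest bridge behind a WiFi uplink.
# Assumed values: guest subnet 10.0.100.0/24, chain name GUESTS, ports 80,443.
#
# Host prerequisites, run as root (the bridge is the guests' gateway):
#   ip addr add 10.0.100.1/24 dev bridge0 && ip link set bridge0 up
#   sysctl -w net.ipv4.ip_forward=1
# Guests need an address in the subnet, statically or from a DHCP server.

# Interface names: 1-15 chars, no leading dash, no shell/rule metacharacters.
valid_if() {
    case "$1" in ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# Shape check only (a.b.c.d/len); octet ranges are left to iptables-restore.
valid_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# guest_nat_rules BRIDGE UPLINK SUBNET [TCP_PORTS]
# Policy: guests may reach DNS and the listed TCP ports via the uplink;
# replies are allowed back; all other forwarded guest traffic is dropped.
guest_nat_rules() {
    br=$1 up=$2 net=$3 ports=${4:-80,443}
    valid_if "$br" && valid_if "$up" && valid_cidr "$net" || return 2
    echo "$ports" | grep -Eq '^[0-9]+(,[0-9]+)*$' || return 2
    cat <<EOF
*nat
-A POSTROUTING -s $net -o $up -j MASQUERADE
COMMIT
*filter
:GUESTS - [0:0]
-I FORWARD -i $br -j GUESTS
-I FORWARD -o $br -j GUESTS
-A GUESTS -o $br -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A GUESTS -i $br -s $net -o $up -p udp --dport 53 -j ACCEPT
-A GUESTS -i $br -s $net -o $up -p tcp --dport 53 -j ACCEPT
-A GUESTS -i $br -s $net -o $up -p tcp -m multiport --dports $ports -j ACCEPT
-A GUESTS -j DROP
COMMIT
EOF
}
```

Check the output with `guest_nat_rules bridge0 wlan0 10.0.100.0/24 | iptables-restore --noflush --test` before piping it to `iptables-restore --noflush` as root. Because guest packets leave wlan0 with the host's own MAC and IP address, the access point never sees a second MAC address.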