ifconfig
eth0      Link encap:Ethernet HWaddr 54:04:a6:3d:36:ff
          UP BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:3300 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3300 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:950771 (950.7 KB) TX bytes:950771 (950.7 KB)
wlan0     Link encap:Ethernet HWaddr 30:5a:3a:60:5d:c0
          inet addr:192.168.0.105 Bcast:192.168.0.255 Mask:255.255.255.0
          inet6 addr: fe80::7cf4:8ce5:ba7c:8fd3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:1553 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1223 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1007907 (1.0 MB) TX bytes:524507 (524.5 KB)
Question
I've set up networking interface bridge0 for my QEMU Windows guest, enabled it with command line
brctl addbr bridge0
qemu .. -netdev bridge,br=bridge0,id=net0 -device virtio-net-pci,netdev=net0
(and allowed bridge0 in /etc/qemu/bridge.conf).
With this setting, QEMU guest can't access Internet. For example, on the host, pinging via that bridge doesn't work: ping -I bridge0 8.8.8.8
If I try to add my wifi card (with working connection) to bridge:
brctl addif bridge0 wlan0
I get the "Operation not supported" error. I see many messages on the web saying it's not possible. But how do I work around this?
I need to use bridge to apply custom iptables rules to my guests' network connections.
What should I do to let my bridge use WiFi internet connection?
How can I involve iptables to solve my problem? How to create Sub-NAT for my bridge to control guests?
Best Answer
Let libvirt handle this. Libvirt has a default NAT network that will handle all of your forwarding, masquerading, and addressing for you. This NAT network comes pre-configured in libvirt deployments, and is literally named "default". The NAT is the most reasonable way to get internet access into a VM over a WiFi connection.
Also, you can almost never use WiFi as a bridge. First, because the host interfaces usually don't support it. Second, because almost all wireless access points will see a second MAC address (from your VM) coming in on your WiFi connection as a spoofing attempt, and de-authenticate you.
You can use virsh and virt-install to manage libvirt via the command line. You can also use virt-manager to manage libvirt via a GUI similar to the way the vSphere client works for ESXi. Both of these management frontends can connect to remote hosts. There are far more management tools than this, and just about any will work for you. virt-manager is potentially the easiest to use.
More on libvirt networking: http://wiki.libvirt.org/page/Networking
Some libvirt management tools (including those already mentioned): http://www.linux-kvm.org/page/Management_Tools
A usage guide for virsh: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Virtualization_Deployment_and_Administration_Guide/chap-Managing_guest_virtual_machines_with_virsh.html
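The routed NAT the answer recommends, written out by hand for the bridge0 and wlan0 interfaces from the question, as an added example that is not part of the original question or answer. The 192.168.100.0/24 subnet, the guest address 192.168.100.10 and the function names are assumptions; the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: prints (does not run) commands for NAT behind a WiFi uplink.
# Assumed, not from the post: subnet 192.168.100.0/24, guest 192.168.100.10.

# The output is meant to be reviewed and then run by root, so accept only
# characters found in interface names, addresses, protocols and port numbers.
safe() {
    case "$1" in
        ''|*[!A-Za-z0-9_./-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# nat_plan BRIDGE UPLINK BRIDGE_CIDR SUBNET
# The bridge gets its own subnet and is routed, never enslaved to the WiFi card,
# so the access point only ever sees the host's MAC address.
nat_plan() {
    [ $# -eq 4 ] || { echo "usage: nat_plan BRIDGE UPLINK BRIDGE_CIDR SUBNET" >&2; return 1; }
    for a in "$@"; do safe "$a" || { echo "bad argument: $a" >&2; return 1; }; done
    br=$1; up=$2; addr=$3; net=$4
    cat <<EOF
ip addr add $addr dev $br
ip link set $br up
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $net ! -d $net -o $up -j MASQUERADE
iptables -A FORWARD -i $br -o $up -s $net -j ACCEPT
iptables -A FORWARD -i $up -o $br -d $net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $br -j DROP
iptables -A FORWARD -o $br -j DROP
EOF
}

# guest_reject BRIDGE GUEST_IP PROTO DPORT
# Per-guest filter, inserted at position 1 so it is evaluated before the ACCEPT.
guest_reject() {
    [ $# -eq 4 ] || return 1
    for a in "$@"; do safe "$a" || return 1; done
    echo "iptables -I FORWARD 1 -i $1 -s $2 -p $3 --dport $4 -j REJECT"
}

# Print the plan for the interfaces named in the question.
nat_plan bridge0 wlan0 192.168.100.1/24 192.168.100.0/24
guest_reject bridge0 192.168.100.10 tcp 25
```

Guests attached to the bridge still need an address in that subnet with the bridge address as their gateway, either set statically or handed out by a DHCP server such as dnsmasq bound to the bridge.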