Hacktivate

KVM bridge with wireless NIC

Create a wireless bridge network in KVM connecting virtual machines to the host's wireless network

In the world of virtualization, creating a network bridge between the host machine and a virtual guest can sometimes be a challenging task, especially when dealing with wireless network interfaces.

VirtualBox and VMware both use proprietary solutions to this problem. KVM, on the other hand, one of the best-known and most widely used virtualization tools for Linux, does not natively support bridging with wireless NICs. However, with a small workaround using a TAP device, it is possible to connect a guest to the host’s wireless network.

In this blog post, we will explore the steps to create a wireless bridge network in KVM, allowing seamless communication between virtual machines and the wireless network.

Enable IPv4 Routing for the Linux Kernel

To begin, we need to enable IPv4 routing for the Linux kernel. This can be achieved by executing the following command as root:

sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

Create and Configure the TAP Device

Next, we will create a TAP device that will serve as a bridge between the guest and the wireless network. Execute the following commands:

sudo ip tuntap add mode tap tap0 user guest
sudo ip link set tap0 up

Assign an IP Address to the TAP Device

Assign an IP address to the TAP device using the following command:

sudo ip addr add 10.10.10.10/24 dev tap0

Note that the IP address doesn’t necessarily have to be from the wireless network subnet.

Implement Proxy ARP Bridging

To enable bridging of the guest Ethernet behind the host’s wireless NIC, we will utilize a tool called parprouted.

Parprouted is an old and unmaintained piece of software, but it still works today on Linux 6.3. It is what glues everything together: it bridges at Layer 3 (IP), listening for ARP requests and forwarding them to the other interfaces while updating the kernel ARP table.

Install it from your repo or by compiling it, and then execute the following command:

sudo parprouted wlan0 tap0

Replace “wlan0” with the wireless interface of your host machine.

Configure Routing Tables

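Allow the TAP device to receive and forward packets. These rules are appended with -A, so they only take effect if no earlier rule in the same chain already drops the traffic: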

sudo iptables -A INPUT -i tap0 -j ACCEPT
sudo iptables -A FORWARD -i tap0 -j ACCEPT
sudo iptables -A FORWARD -o tap0 -j ACCEPT

Configure the Guest Machine

On the guest machine, assign a static IP address from the host’s wireless network subnet. For example, if your wireless interface (e.g., wlan0) is on the subnet 192.168.1.0/24, configure the guest’s network interface with the following command:

sudo ip addr add 192.168.1.42/24 dev eth0

Alternatively, you can make the IP address assignment permanent by modifying the /etc/network/interfaces file with the appropriate configuration:

auto eth0
iface eth0 inet static
  address 192.168.1.30
  netmask 255.255.255.0
  network 192.168.1.0
  broadcast 192.168.1.255
  gateway 192.168.1.25

Launch the Guest Machine

Finally, launch the guest machine using the kvm command with the appropriate parameters:

kvm -hda guest.img -m 512 -net nic -net tap,ifname=tap0,script=no

If you are using helper scripts to launch your VM (like quickemu), run:

./your-vm.conf --extra_args "-net nic -net tap,ifname=tap0,script=no"

Enjoy!

Now your KVM VM is on the same network as your host and should be able to see the entire LAN.
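
If the guest cannot reach the LAN, the host-side state left by the steps above is the first thing to check. The audit script below is an added example, not part of the original post; its function names are hypothetical and tap0 is the interface name used above. It reports rules that are missing or that sit behind an earlier catch-all DROP/REJECT in the same chain.

```shell
#!/bin/sh
# Added example: audit of the host state the steps above should leave behind.
# tap0 is the article's interface name; function names are hypothetical.
TAP="${TAP:-tap0}"

# Succeeds when the given file (default: the kernel's ip_forward switch) holds "1".
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Reads `iptables -S` output on stdin. Prints one line per problem:
#   MISSING <rule>   the rule from the article is not loaded
#   SHADOWED <rule>  an unconditional DROP/REJECT earlier in the same chain
#                    matches first, because -A appends to the end of the chain
audit_tap_rules() {
    awk -v tap="$TAP" '
        BEGIN {
            want[1] = "-A INPUT -i " tap " -j ACCEPT"
            want[2] = "-A FORWARD -i " tap " -j ACCEPT"
            want[3] = "-A FORWARD -o " tap " -j ACCEPT"
        }
        # A rule with no match criteria: "-A CHAIN -j DROP" or "-A CHAIN -j REJECT ..."
        $1 == "-A" && $3 == "-j" && ($4 == "DROP" || $4 == "REJECT") {
            if (!($2 in blocked)) blocked[$2] = NR
        }
        # Remember the first line on which each expected rule appears.
        { for (i = 1; i <= 3; i++) if ($0 == want[i] && !(i in seen)) seen[i] = NR }
        END {
            for (i = 1; i <= 3; i++) {
                split(want[i], f, " ")      # f[2] is the chain name
                if (!(i in seen)) print "MISSING " want[i]
                else if ((f[2] in blocked) && blocked[f[2]] < seen[i])
                    print "SHADOWED " want[i]
            }
        }'
}

# Live use on the host (iptables needs root):
#   forwarding_enabled || echo "ip_forward is off"
#   iptables -S | audit_tap_rules
```

An empty result from audit_tap_rules means all three rules are loaded and none is preceded by a catch-all block in its chain.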