Setting up bridged networking for KVM guests over a wireless connection presents unique challenges compared to wired interfaces. The standard Linux bridge utilities don't work with WiFi due to MAC address restrictions in most wireless drivers. Here's how to properly configure this using virt-manager's XML configuration.
Your current manual setup that works:
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
sudo tunctl -t tap0
sudo ip link set tap0 up
sudo ip addr add 192.168.1.25/24 dev tap0
sudo route add -host 192.168.1.30 dev tap0
sudo parprouted wlan0 tap0
To achieve the same networking in virt-manager, you'll need to edit the guest's XML configuration. Here's the relevant network interface section:
<interface type='ethernet'>
<mac address='de:ad:be:ef:90:26'/>
<script path='no'/>
<source dev='tap0'/>
<target dev='vnet0'/>
<model type='virtio'/>
<alias name='net0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
For the network configuration to persist across reboots, you'll need to:
- Create a systemd service for the tap interface setup
- Add the interface configuration to /etc/network/interfaces
Example systemd service (/etc/systemd/system/kvm-tap.service):
[Unit]
Description=KVM Tap Interface Setup
After=network.target
[Service]
Type=oneshot
ExecStart=/usr/bin/ip tuntap add mode tap tap0
ExecStart=/usr/bin/ip link set tap0 up
ExecStart=/usr/bin/ip addr add 192.168.1.25/24 dev tap0
ExecStart=/usr/bin/ip route add 192.168.1.30 dev tap0
ExecStart=/usr/bin/parprouted wlan0 tap0
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
For newer kernels, consider using macvtap in bridge mode instead of the tap/parprouted solution:
<interface type='direct'>
<mac address='de:ad:be:ef:90:26'/>
<source dev='wlan0' mode='bridge'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
If you encounter problems:
- Verify ip_forward is enabled:
sysctl net.ipv4.ip_forward - Check firewall rules aren't blocking traffic
- Ensure parprouted is running:
ps aux | grep parprouted - Confirm ARP proxy is working:
arp -n
Setting up KVM virtual machines with network access via wireless interfaces presents unique challenges since traditional bridging doesn't work well with most wireless cards. After extensive testing, I've found the most reliable method using tap interfaces and proxy ARP.
# Ensure required packages are installed
sudo apt-get install uml-utilities parprouted
First, we need to set up the host system to properly forward traffic between the wireless interface and our tap device:
# Enable IP forwarding
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
# Create tap interface
sudo ip tuntap add tap0 mode tap
sudo ip link set tap0 up
sudo ip addr add 192.168.1.25/24 dev tap0
sudo ip route add 192.168.1.30 dev tap0
# Start proxy ARP daemon
sudo parprouted wlan0 tap0
To make this persistent through virt-manager, you'll need to edit the VM's XML configuration:
<interface type='ethernet'>
<mac address='de:ad:be:ef:90:26'/>
<target dev='tap0'/>
<model type='virtio'/>
<alias name='net0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
Inside your guest OS, configure the network interface with these settings:
auto eth0
iface eth0 inet static
address 192.168.1.30
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.25
dns-nameservers 8.8.8.8 8.8.4.4
To ensure these settings survive reboots, create a systemd service:
[Unit]
Description=Tap0 wireless bridge setup
After=network.target
[Service]
Type=oneshot
ExecStart=/usr/bin/ip tuntap add tap0 mode tap
ExecStart=/usr/bin/ip link set tap0 up
ExecStart=/usr/bin/ip addr add 192.168.1.25/24 dev tap0
ExecStart=/usr/bin/ip route add 192.168.1.30 dev tap0
ExecStart=/usr/bin/parprouted wlan0 tap0
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
- Verify all commands execute without errors
- Check
ip addr showto confirm interface states - Use
tcpdump -i tap0to verify traffic flow - Ensure MAC addresses match between XML and guest config