# [SOLVED] Adding wlan0 to br0

## eleanor

Hi,

I've followed the guide [https://wiki.debian.org/BridgeNetworkConnections#Bridging_with_a_wireless_NIC] to try to configure qemu with bridging capabilities, so my virtual machines could be seen as standalone machines in my network. This is working fine when using an eth0 cable interface, but fails when trying to do the same with the wlan0 wireless interface. I've configured ebtables properly and done everything needed to make it work, but the error boils down to not being able to add wlan0 to the bridge br0:

 *Quote:*   

> 
> 
> # brctl addif br0 wlan0    
> 
> can't add wlan0 to bridge br0: Operation not supported
> ...

 

If I strace the same command, I get the following.

 *Quote:*   

> 
> 
> # strace brctl addif br0 wlan0
> 
> execve("/sbin/brctl", ["brctl", "addif", "br0", "wlan0"], [/* 57 vars */]) = 0
> ...

 

I've encountered a number of references to this problem, but none of them actually solved the problem.

 Hostapd: I could use hostapd to create an AP with my wlan0 and then the qemu clients would connect to that, but I don't want to create an AP, which would then be seen by everybody close enough, so this option is out of the question.

 Old Kernel: I've been told that this is supported by an old kernel, but new kernels don't support it, because it was kicked out of the kernel. I would like to know why the decision was made and what is the latest kernel that still supports it.

Currently I'm running the following kernel:

 *Quote:*   

> 
> 
> # uname -r
> 
> 3.10.1-hardened-r1
> ...

 

I'm using the following kernel driver:

 *Quote:*   

> 
> 
> # lspci -k
> 
> 03:00.0 Network controller: Intel Corporation PRO/Wireless 5100 AGN [Shiloh] Network Connection
> ...

 

I would like to get a solution to make the qemu virtual machines use bridging to present to the network as standalone clients; the same as it's with the Virtualbox bridging mode. 

Any ideas and thoughts are welcome.

Last edited by eleanor on Sat Nov 23, 2013 3:32 pm; edited 1 time in total

----------

## Logicien

You do not say which network interface your Qemu virtual machine is using from the host. If you create a tuntap virtual network card with the host command ip or tunctl and give it as the wired network card to your Qemu virtual machine, it will be easy for the host to bridge this interface.

Your wireless network can access your virtual machines by the bridge using forwarding, appropriate IP routes, Iptables rules and NAT on each host including virtual ones.

----------

## eleanor

Hi,

In qemu I'm using the following:

 *Quote:*   

> 
> 
>   -device e1000,netdev=net0
> 
>   -netdev tap,id=net0,script=no,ifname=tap0,downscript=no
> ...

 

In /etc/conf.d/net I have this:

 *Quote:*   

> 
> 
> # Interface wlan0
> 
> config_wlan0="null"
> ...

 

The above options will start the tap0 and wlan0 interface by default by using the appropriate init scripts. 

I'm trying to give the VM the tap0 device, which is bridged with the wlan0 wireless interface into br0. The br0 itself should connect with the AP through the wlan0 wireless network. If tap0 and wlan0 are bridged, it means that when the VM issues a DHCP request, it will be sent over the air to the AP, which will give it another IP address.

The problem is that I cannot add wlan0 to the br0 and I receive an error outlined in the first post.

----------

## Logicien

DHCP requests do not authenticate a WEP or a WPA client to an AP. You can achieve what you want to do without putting wlan0 in the bridge. Do a normal wireless configuration for wlan0 and put only tap0 in the bridge.

Configure your bridge and your virtual machine manually on the same network. For the virtual machine you can instead have a DHCP server on the host that listens on br0 and do a DHCP request on the guest. Then routing and firewall rules should do the rest.

I can communicate between my wired, wireless and virtual networks that way, but Gentoo is my wireless AP. It allows opening sessions between wireless hosts and others. The only external router is my ISP.

----------

## eleanor

Hi,

Okay, I've added the tap0 to the br0 without also adding the wlan0. The host and guest can ping each other over the br0 interface, but the guest still cannot access the internet.

Current routing table is:

 *Quote:*   

> 
> 
> # route -n
> 
> Kernel IP routing table
> ...

 

I guess no routing entries are needed, since the default GW is already set.

Can you possibly share your routing rules or tell me what I have to add to make this work?

----------

## Logicien

Hi,

I will give you a way to proceed manually with the 192.168.0.0/24 subnet for br0. From the host:

```
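# Give the bridge an address on the guest subnet and bring it up
ifconfig br0 192.168.0.1 up

# Let the host forward IPv4 packets between interfaces
sysctl -w net.ipv4.ip_forward=1

# Source-NAT traffic from the guest subnet as it leaves the host
iptables -A POSTROUTING -j MASQUERADE -s 192.168.0.0/24 -t nat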
```

From the guest:

```
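# Address the guest NIC on the bridge's subnet
ifconfig eth0 192.168.0.2 up

# Send everything else via the host's br0 address
route add default gw 192.168.0.1

# Use a public resolver for DNS
echo 'nameserver 8.8.8.8' > /etc/resolv.conf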
```

You have to be sure that the other firewall rules on each workstation, including the virtual one, permit communication with the outside world. Forwarding and masquerading are the task of the host, which serves as a gateway for the 192.168.0.0/24 subnet. Guest requests for anywhere, including wireless, should be handled by the other routes of the host.
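
An added example, not part of Logicien's post: the same host-side gateway setup, with the masquerade rule limited to traffic leaving through wlan0 and the FORWARD chain restricted to the guest subnet plus return traffic, so that enabling ip_forward does not make the host route for anything else. The interface names and subnet are the thread's; the FORWARD policy, the conntrack rule and the argument validation are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): emit the host-side commands for a
# routed, NATed guest network, scoped to one bridge and one uplink.
# Names br0/wlan0 and 192.168.0.0/24 are the thread's; the FORWARD
# policy and conntrack rule are this example's additions.

# Accept only plain interface names so nothing else reaches the command text.
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) [ "${#1}" -le 15 ] ;;
    esac
}

# Accept a.b.c.d/len with octets 0-255 and len 0-32.
valid_cidr() {
    echo "$1" | awk -F'[./]' '
        NF != 5 || $0 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if ($5 > 32) exit 1 }'
}

# gateway_cmds <bridge> <uplink> <guest-subnet> <gateway-addr/len>
gateway_cmds() {
    valid_if "$1" && valid_if "$2" && valid_cidr "$3" && valid_cidr "$4" || {
        echo "invalid argument" >&2; return 1; }
    br=$1 up=$2 net=$3 gw=$4
    cat <<EOF
ip addr add $gw dev $br
ip link set $br up
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $br -o $up -s $net -j ACCEPT
iptables -A FORWARD -i $up -o $br -d $net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $net -o $up -j MASQUERADE
EOF
}

# Print the commands for the thread's setup; review, then pipe to sh as root.
if [ "${1:-}" = "--print" ]; then
    gateway_cmds br0 wlan0 192.168.0.0/24 192.168.0.1/24
fi
```

`iptables -P FORWARD DROP` changes the policy for all forwarded traffic on the host, so any other forwarding the host already does needs its own ACCEPT rules.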

----------

## eleanor

Yes, this works ok, but it's still not completely the same as bridged networking as Virtualbox configures it. The virtual machines can connect to the other hosts on the network, but other hosts cannot connect to the virtual machines, because they don't have a route for 172.16.1.0/24.  If I manually add the route to each device on the network, this would work as it should, but I'm not going to do that.

I was thinking to configure network DHCP to give out 192.168.1.100-150 IP addresses and my own DHCP server on the host to give out 192.168.1.151-200 IP addresses. Therefore the two DHCP servers would serve the same IP address range 192.168.1.0/24, but each would have a different IP range. I guess I would still have to use ebtables, but this might just work as expected.

----------

## Logicien

Note that you can use a tuntap Ethernet card like the one you create, tap0, and not the one that VirtualBox will create by default, vboxnet0, when you configure the network of the VirtualBox virtual machine. I use in this case Access by bridge as access method.

In all cases, the host gateway must forward and masquerade packets on all local networks that must communicate together. In your case, it should be at least the virtual and wireless ones. You need an iptables rule for each of them on the host gateway.

My ISP gives my host gateway the Internet IP address and route. My host gateway authenticates clients as a wireless Access Point (Hostapd), always gives each of them the same IP address, route and DNS (Dnsmasq) through my wireless network (wlan0), and forwards and masquerades packets on the virtual (br0) and wireless networks.

I manually configure the virtual network of the host (br0 with tap0 as slave) and the same for the guest (eth0 through tap0), and all the machines, real and guests, can connect to each other and access the Internet without more configuration.

The virtual guest machines do not need a specific route to the real machines on the wireless network, and the same applies to the real machines of the wireless network with respect to the virtual guest machines. The host gateway as the default route of each of them is enough to make them communicate with each other, because the host gateway forwards and masquerades packets on the virtual and wireless networks.

Note that the host gateway gives one default route, the same, to each of the wireless machines but a different one, the same, to the virtual machines.

----------

## eleanor

Hi,

Yes, this is true, but only when the host machine is also an AP, which isn't the case in my setup. I'm using a Linksys router as AP (which has the first DHCP server) to which the host connects with the wlan0 interface. Additionally, the host has a bridge br0 and tap0 (added to br0), which has another DHCP server to give IP addresses to guest virtual machines. I've already described the rest of the process and its problems.

----------

## Logicien

By default, I think, routers like Linksys do not allow connected clients to be part of the same network and open an ssh session from one client to another. This can probably be changed in the setup of the routers. Without that, I don't see how wireless machines can be part of the same network if your host does not act as the wireless router itself.

----------

