QEMU Bridged networking over wifi + subnet/NAT stuff

[Quirken]

I've been trying to set up a gaming machine with KVM VGA passthrough. I've got the VGA passthrough working. Unfortunately, my apartment doesn't come wired for ethernet, so I must use wifi. The sticky thread isn't particularly helpful there.

I found a solution that gets me internet access, but while internet is working, I'm having trouble installing some software that is finicky about subnets, and I'm wondering if the way I did this is the problem. I really don't understand what most of these commands are doing. (Note that the original command on the source link was ip addr add 172.20.0.1/16 dev br0, as well as a corresponding DHCP range. I *need* the VM to be in the same subnet as my server. I've set it so that my router's DHCP won't assign anything higher than 192.168.1.200.)

Basically, I ran these commands:

Code: Select all

ip link add name br0 type bridge
ip addr add 192.168.1.201/27 dev br0
ip link set br0 up
dnsmasq --interface=br0 --bind-interfaces --dhcp-range=192.168.1.202,192.168.1.215

modprobe tun
ip tuntap add dev tap0 mode tap user USERNAME
ip link set tap0 up promisc on
ip link set tap0 master br0

sysctl net.ipv4.ip_forward=1
sysctl net.ipv6.conf.default.forwarding=1
sysctl net.ipv6.conf.all.forwarding=1

iptables -t nat -A POSTROUTING -o wlp6s0 -j MASQUERADE
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i tap0 -o wlp6s0 -j ACCEPT

# now run (as your user):
# $ qemu-system-x86_64 ... -net nic,model=virtio -net tap,ifname=tap0,script=no,downscript=no

Now, inside my VM, I can ping my server (192.168.1.79), and it responds. When I try to use the 'Windows Server Essentials Connector Configuration Wizard' to link up my VM to my windows domain... it doesn't work. (And the software doesn't give any error codes, etc.)

Now, this *could* just be Windows being Windows. I've had similar issues in the past, even without VMs. But the FAQ page lists in the requirement "the client computer is on the same IP subnet as the server that is running Windows Server Essentials."

I've also tried just joining the VM to the domain, rather than installing the connector software, and it tells me it can't reach the active domain controller. The error details there say that the "DNS name does not exist" and says a common cause is "The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses: 192.168.1.201." (Seems plausible that since my 'real' DNS is something different, that's causing issues, but I'm just speculating) Solved this particular issue; see post 2 for my new issue.

Right now, the subnet mask listed if I run ipconfig /all in the VM is 255.255.255.224. I'm wondering if this is the root of my problems. I'm guessing not, as I can ping the server, but I could ping the server when the VM IP was 172.20.0.X, too.

Is there a way I can tweak the above commands so that Windows thinks it has the typical subnet mask (255.255.255.0)? Trying to manually set it inside Windows broke internet connectivity.

Or any other ideas about what might be wrong?
Thanks!

[Quirken]

Got it joined to the domain (apparently I had to use MYDOMAINNAME.local and not DOMAINNAME )

So my initial problem is solved, but now I have a new one... it seems I cannot see this computer from other LAN computers. If I try pinging it, it tells me 'destination host unreachable'

[Quirken]

Still struggling with this.

The method I described in post 1 works, but it's not reachable (NAT?).

Tried following this link posting.php?mode=reply&f=231&t=266120

but it still is putting my VM behind a NAT and the VM needs to be reachable, or it will defeat the entire purpose
FWIW, my motherboard has two ethernet ports. Also, my wifi chipset is BCM4360.

Also attempted to try port forwarding from host->VM, but that didn't seem to work.

Also tried ebtables as described here: https://wiki.debian.org/BridgeNetworkCo ... reless_NIC
I don't really know what I'm dong, so I don't know whether or not I did it right. But in addition to the original post, I added

Code: Select all

 pre-up iwconfig wlan0 essid $YOUR_ESSID
 bridge_hw $MAC_ADDRESS_OF_YOUR_WIRELESS_CARD

to /etc/network/interfaces
and ran the following as root

Code: Select all

ebtables -t nat -A POSTROUTING -o wlan0 -j snat --to-src $MAC_OF_BRIDGE --snat-arp --snat-target ACCEPT
ebtables -t nat -A PREROUTING -p IPv4 -i wlan0 --ip-dst $IP -j dnat --to-dst $MAC --dnat-target ACCEPT
ebtables -t nat -A PREROUTING -p ARP -i wlan0 --arp-ip-dst $IP -j dnat --to-dst $MAC --dnat-target ACCEPT

with all the variables filled in.

Far as I can tell, ebtables didn't do anything.

[powerhouse]

Hello Quirken. This whole networking thing is unfortunately quite a pain in the neck.

My how-to describes how to set up networking using bridging, that is a layer 2 protocol (Ethernet / MAC addresses). However, wireless access routers do not support bridging, only layer 3 (IP networking).

ebtables is supposed to help in this case, by translating MAC addresses to match the device registered with the access point.

I was in the same situation when we moved into a new apartment without Ethernet infrastructure. I did not succeed in making it work the way I wanted. In the end, it was a lot easier to take a drill and lay the GB Ethernet wire from my router to the PC.

If you follow the tutorial, but remove the networking part of the qemu command, your Windows VM should connect to the Internet. I'm not sure if it will allow you to share files via Samba between host and VM, though.

In theory, ebtables should provide an answer, but I am not familiar with the ins and outs of it.

Sorry I can't help any further.

[Quirken]

I ended up doing a passthrough of my wifi card and using a wifi dongle for the host.

My computer has two unused Ethernet ports on the back, with different controllers. Maybe I could make use of that somehow? Connect to wifi normally, but use the two ethernet ports to create a fake LAN network between the VM and host?

(I've read about people doing similar tricks to get this stuff working, but I haven't had any luck with it. either)

[powerhouse]

I ended up doing a passthrough of my wifi card and using a wifi dongle for the host.

My computer has two unused Ethernet ports on the back, with different controllers. Maybe I could make use of that somehow? Connect to wifi normally, but use the two ethernet ports to create a fake LAN network between the VM and host?

(I've read about people doing similar tricks to get this stuff working, but I haven't had any luck with it. either)

That's a pragmatic way to solve the issue. Good thinking!

If the two Ethernet ports are indeed driven by two different controllers, you may be able to pass through one controller to Windows and then connect the two ports. Don't forget to configure a bridge under Linux, else this won't work (at least I think so).

[Quirken]

I ended up doing a passthrough of my wifi card and using a wifi dongle for the host.

My computer has two unused Ethernet ports on the back, with different controllers. Maybe I could make use of that somehow? Connect to wifi normally, but use the two ethernet ports to create a fake LAN network between the VM and host?

(I've read about people doing similar tricks to get this stuff working, but I haven't had any luck with it. either)

That's a pragmatic way to solve the issue. Good thinking!

If the two Ethernet ports are indeed driven by two different controllers, you may be able to pass through one controller to Windows and then connect the two ports. Don't forget to configure a bridge under Linux, else this won't work (at least I think so).

So, what I tried doing was passing both my wifi card and the Intel Ethernet controller to Windows (directly, using -device vfio-pci,host=06:00.0, etc) and leaving the Killer Ethernet controller for Linux.

I then plugged an ethernet cable between the two ports.

Inside of Windows, I turned on internet connection sharing on the wifi card, and that gave my linux host an ethernet IP address and internet access! Unfortunately, there are two really annoying problems with this:
1) every time I restart the VM, I have to disable/re-enable ICS in windows for this to work. Probably a windows bug.
2) my linux host's internet speeds are terrible (roughly 1/30th the speedtest results of the VM)

Any other ideas on how I could take advantage of my dual ethernet cards?

[Quirken]

All right! I got a decent solution... almost

• connect host to wifi
• pass through intel ethernet controller to VM
• network manager -> network connections -> killer ethernet controller -> edit -> ipv4 settings -> change method to "shared to other computers"

This is a similar method to what I was doing before, but it's leaving wifi on the linux host, not pc guest. I'm getting similar speedtests both on host and VM.

The only problem is that my guest is now on a different subnet will check back if I figure out how to solve that issue.