[lxc-users] Is it possible to create a wireless bridge with proxy_arp

phep phep-lists at teletopie.net
Sat Apr 19 19:24:45 UTC 2014 

Hi,

Le 19/04/2014 19:50, Michael H. Warfield a écrit :
> No.  Well, maybe.  And maybe looks pretty grim.  How much of a masochist
> are you?  I looked into this off and on over several years and just

As I mentioned, I do this with KVM guests with few efforts. Don't have any 
inclination for suffering indeed!

> should work as well.  You could manually set up a tap tunnel at each
> end, even without OpenVPN, and manually tunnel it.  If you set up tap
> devices between the host and access point, you're then tunneling
> everything under WiFi client connection and the AP only sees the client
> MAC address but the tap devices and tunnel deal with the other devices.

While I'm not an expert wrt networking, this is exactly how I understand 
what I'm doing.

> I really need to read that referenced article to  comment further on

Sorry. I noticed the site was down only after sending my message. Actually, 
I made a short notice for myself about that blog entry some time ago, 
keeping the original URL. This is my summary (the title is misleading since 
there is no bridge involved, actually) in case it helps:

********************************************
Bridging with a wireless link with proxy_arp
********************************************

This is a ultra-short version of
http://blog.ericwhite.ca/articles/2011/04/creating-a-wireless-bridge/

This installation requires setting static IP for both host and guest.
We'll assume that:

- host has 192.168.0.153
- guest has 192.168.0.203

Keep the host's `/etc/network/interfaces` in a basic state::

   auto wlan0
   iface wlan0 inet static
     wpa-driver wext
     wpa-ssid SOMESSID
     wpa-psk blahblahblah
     address 192.168.0.153
     netmask 255.255.255.0
     broadcast 192.168.0.255
     gateway 192.168.0.1

Then add the a tap interface::

   # ip tuntap add dev tap0 mode tap

Enable proxy_arp on both devices::

   # echo 1 > /proc/sys/net/ipv4/conf/wlan0/proxy_arp
   # echo 1 > /proc/sys/net/ipv4/conf/tap0/proxy_arp

Add the host IP address to the tap interface::

   # ip addr add 192.168.0.153 dev tap0

Finish configuring the tap interface::

   # ip link set tap0 up
   # ip link set tap0 promisc on

Then add a route from the host to the guest::

   # ip route add 192.168.0.203 dev tap0

There just need to start the guest now.

> what they were doing but, regardless, that's not an LXC issue.  That's
> an outer host issue to be set up.

Yes, it is also an LXC issue. What is not described in my summary is that 
the KVM guest is started with something like (yes, I avoid libvirt and 
superfluous layers):

   # kvm -net nic,model=virtio -net tap,script=no,downscript=no,ifname=tap0 
.... blah blah blah

And this is how the guest interface is associated with the tap interface. 
And this is precisely the step I'm missing wrt LXC! ;-).

> nicey nicey with bridges in general.  That means you're going to have to
> manually deal with wpa_supplicant and iwconfig yourself before building
> the bridge and adding the interface to it.  That's all before you can
> even come close to LXC.

I don't play with NM. I use Debian's ifupdown. Moreover, I have a set of 
personal / ad hoc scripts that let me set up my network configuration (hosts 
and guests) with 2 or 3 commands according to where I am. Setting it up in a 
new place is generally nothing more than copying and adapting a set of 
configuration files.

> Where it comes to WiFi, you're better off going with a NAT'ed
> connection.

To be honest, 99% I'd be fine with a NAT'ed setup (wrt what I need to do 
with my KVM or LXC guests), but well, you know how it goes....

Regards,

Patrice

More information about the lxc-users mailing list