Ok, so I'm weird.
A while ago I set up my laptop as a wired to wireless router.
The primary reason for this is that at work I am usually on the wireless network.
I have occasionally needed to give network access to another machine that did not have (working) wireless, in a place with no wired network port available.
This process was not all that difficult.
Recently however, I decided that it would be nice to give network access to virtual machines as well.
This required a little bit of configuration tweaking.
I'm not going to go into all the kernel configuration or tools (bridge-utils, etc.) needed for routing and bridging (at least not at the moment), since many pages already detail what is needed.
I'm assuming the reader already knows the basics of routing and bridging.
The wireless network (wlan0) is configured for dhcp.
A network bridge (br0) is configured that bridges the wired interface (eth0) and the set of virtual tap interfaces (qemu0-qemu9).
The network bridge (br0) is given a private address.
The network bridge (br0) has dhcpd and named running on it to give addresses to the tap interfaces (qemu0-qemu9) as well as anything connected to the wired interface (eth0).
Shorewall is configured to allow everything to talk to everything.
The machines and virtual machines in the bridge can talk to each other and can also access the external network by routing across the wireless.
Machines on the outside of the wireless should be able to access machines in the bridge if you configure shorewall to forward ports to the appropriate members, though I haven't actually tested this yet.
startlan - configures the bridge interface and starts network services
# startlan: give the bridge its address, then bring up the services bound to it.
ifconfig br0 192.168.200.1
# named first: dhcpd.conf has ddns-updates on and points at this host as its name server.
/etc/init.d/named start
/etc/init.d/dhcpd start
/etc/init.d/shorewall start
stoplan - stops network services and resets the bridge interface back to null
# stoplan: stop the services bound to the bridge, then let the net.br0 script
# re-apply its conf.d/net entry (config_br0 is "null"), which drops the address.
/etc/init.d/named stop
/etc/init.d/dhcpd stop
/etc/init.d/shorewall stop
/etc/init.d/net.br0 restart
/etc/conf.d/net - don't forget to create the /etc/init.d/net.&lt;interface&gt; symlink for every interface listed here.
# /etc/conf.d/net (Gentoo baselayout): the wired port, ten tap devices and the
# bridge that joins them.  Every interface named here also needs its
# /etc/init.d/net.<iface> symlink.
dns_domain_lo="resnet"
# NOTE(review): dhcpd.conf hands out domain-name "escapenet" to bridge clients;
# confirm that the different name here is intended.
#config_eth0=( "dhcp" )
# eth0 is a bridge member, so it carries no address of its own.
config_eth0=( "null" )
#this specifies that interface qemu0 will be a tap interface and use the tunctl command to generate itself
tuntap_qemu0="tap"
#ALL interfaces part of a bridge should be null, otherwise oddities may occur.
config_qemu0=( "null")
# Uncomment (with a real user name) to have tunctl create the tap device owned
# by that user -- presumably so the emulator can open it without root.
#tunctl_qemu0=("-u <user>")
tuntap_qemu1="tap"
#tunctl_qemu1=( "-u <user>" )
config_qemu1=( "null" )
tuntap_qemu2="tap"
#tunctl_qemu2=( "-u <user>" )
config_qemu2=( "null" )
tuntap_qemu3="tap"
#tunctl_qemu3=( "-u <user>" )
config_qemu3=( "null" )
# qemu4-qemu9: same pattern, no ownership option shown.
tuntap_qemu4="tap"
config_qemu4=( "null" )
tuntap_qemu5="tap"
config_qemu5=( "null" )
tuntap_qemu6="tap"
config_qemu6=( "null" )
tuntap_qemu7="tap"
config_qemu7=( "null" )
tuntap_qemu8="tap"
config_qemu8=( "null" )
tuntap_qemu9="tap"
config_qemu9=( "null" )
# The bridge gets its address from startlan (ifconfig br0 192.168.200.1), so it
# is "null" here.  (The original note about a dynamic address is cut off; the
# dhcp form would look like the commented config_eth0 line above.)
config_br0=( "null" )
# Members of br0: the wired port plus all ten tap devices.
bridge_br0="eth0 qemu0 qemu1 qemu2 qemu3 qemu4 qemu5 qemu6 qemu7 qemu8 qemu9"
#Make sure your baselayout is recent enough to support this
depend_br0()
{
	# The bridge can only be assembled once every member interface is up,
	# so net.br0 depends on the net.* script of each member.
	local member
	for member in eth0 qemu0 qemu1 qemu2 qemu3 qemu4 qemu5 qemu6 qemu7 qemu8 qemu9; do
		need net.${member}
	done
}
# Bridge tuning passed to brctl: no forwarding delay, no hello timer, and
# spanning tree off (presumably no loops are possible with only tap members
# and one wired port).
brctl_br0=( "setfd 0"
"sethello 0"
"stp off" )
# wlan0 is the uplink: managed mode through wpa_supplicant (wext driver),
# address from the wireless network's dhcp.
modules=( "wpa_supplicant" )
wpa_supplicant_wlan0="-Dwext"
mode_wlan0="managed"
config_wlan0=( "dhcp" )
/etc/conf.d/dhcpd
# /etc/conf.d/dhcpd
# dhcpd runs inside a chroot (the post's dhcpd.conf lives under it at
# /chroot/dhcp/etc/dhcp/dhcpd.conf); populate it with "emerge dhcp --config".
# The chroot directory MUST be empty when you start.
DHCPD_CHROOT="/chroot/dhcp"
# Configuration file, relative to the chroot (default /etc/dhcp/dhcpd.conf).
DHCPD_CONF="/etc/dhcp/dhcpd.conf"
# Interfaces to serve, space separated; unset means every interface.
# Only the bridge is served, so no leases are offered on the wireless side.
DHCPD_IFACE="br0"
/etc/conf.d/named
# /etc/conf.d/named

# Worker threads for named; matches the processor count.
CPU="1"

# Extra command-line options for named (none).
OPTIONS=""

# named runs in a chroot.  Populate it with "emerge --config =<bind-version>";
# the directory MUST be empty beforehand.  The post's named.conf lives under
# it at /chroot/dns/etc/bind/named.conf.
CHROOT="/chroot/dns"

# Pid file, expressed from outside the chroot (named.conf gives the
# chroot-relative /var/run/named/named.pid).
PIDFILE="${CHROOT}/var/run/named/named.pid"

# nice(1) level: 19 is lowest priority, -20 highest.
NAMED_NICELEVEL="0"
/chroot/dhcp/etc/dhcp/dhcpd.conf - note that this is configured to send pxe clients to the ltsp pxe server running in a virtual machine
# dhcpd.conf for the bridged network 192.168.200.0/24.  The laptop
# (192.168.200.1 on br0) is router, DNS, NTP, netbios and log host for the
# clients; the LTSP server is a VM at 192.168.200.3 and PXE clients are sent to it.
log-facility syslog;
option netbios-name-servers 192.168.200.1;
use-host-decl-names on;
option ntp-servers 192.168.200.1;
option domain-name "escapenet";
option time-servers 192.168.200.1;
option domain-name-servers 192.168.200.1;
option routers 192.168.200.1;
option log-servers 192.168.200.1;
# NFS root handed to LTSP clients; same host as next-server below.
option root-path "192.168.200.3:/opt/ltsp/i386";
# PXE firmware identifies itself with this vendor class and gets pxelinux;
# everything else is given the nbi image.
if substring ( option vendor-class-identifier, 0, 9 ) = "PXEClient" {
filename "/ltsp/i386/pxelinux.0";
} else {
filename "/ltsp/i386/nbi.img";
}
#filename "/lts/vmlinuz-2.4.26-ltsp-2";
# Boot server for the files above (the lernaean-hydra VM declared below).
next-server 192.168.200.3;
# Dynamic DNS: dhcpd registers leases in the escapenet forward and reverse
# zones itself; client requests to do their own updates are refused.
# NOTE(review): the updates are unauthenticated -- the zone ACLs in
# named.conf are what limit who may write them.
ddns-update-style interim;
ddns-updates on;
ddns-domainname "escapenet";
ddns-rev-domainname "in-addr.arpa";
deny client-updates;
subnet 192.168.200.0 netmask 255.255.255.0 {
# Pool for unknown clients; the fixed hosts below sit outside it.
range 192.168.200.200 192.168.200.250;
group {
use-host-decl-names on;
# MAC addresses are redacted in the post; each host needs its real one.
host frisbee {
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.200.2;
}
# The LTSP VM (next-server / root-path target).
host lernaean-hydra {
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.200.3;
}
}
}
/chroot/dns/etc/bind/named.conf
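options {
	directory "/var/bind";
	listen-on { any; };
	allow-query { any; };
	// Only this host and the bridge network may use this server as a
	// recursive resolver.  listen-on is "any" and the shorewall policy
	// accepts wlan -> fw, so without this the wireless side could use the
	// laptop as an open resolver.
	allow-recursion { localhost; 192.168.200.0/24; };
	// if you have problems and are behind a firewall:
	//query-source address * port 53;
	// Path is relative to the chroot; /etc/conf.d/named prefixes ${CHROOT}.
	pid-file "/var/run/named/named.pid";
	//I use these on my main lan router, but not on the laptop routing config since the wireless network will have its own servers
	//forwarders {
	// OpenDNS
	// 208.67.222.222;
	// 208.67.220.220;
	//};
};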
// Root hints, used when recursing.
zone "." IN { type hint; file "named.ca"; };

// Loopback zones: authoritative, static, never notified.
zone "localhost" IN {
	type master; file "pri/localhost.zone";
	allow-update { none; }; notify no;
};
zone "127.in-addr.arpa" IN {
	type master; file "pri/127.zone";
	allow-update { none; }; notify no;
};

// Accept only delegations from the com/net servers.
zone com IN { type delegation-only; };
zone net IN { type delegation-only; };
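// Forward zone for the bridged network.
zone "escapenet" {
	type master;
	file "/var/bind/escapenet.hosts";
	// Dynamic updates come from dhcpd on this host (ddns-updates on in
	// dhcpd.conf).  "localhost" matches every address of this machine, so
	// dhcpd still qualifies; "any" would let every host that can reach
	// port 53 -- including the wireless side, which the shorewall policy
	// accepts -- rewrite the zone.  A TSIG key would be tighter still.
	allow-update { localhost; };
	allow-query { any; };
	// No secondary server is configured, so nobody needs a zone transfer.
	allow-transfer { none; };
};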
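// Reverse zone for 192.168.200.0/24.
zone "200.168.192.in-addr.arpa" {
	type master;
	file "/var/bind/192.168.200.rev";
	// Same reasoning as the forward zone: dhcpd on this host is the only
	// updater ("localhost" matches this machine's addresses); "any" would
	// let anything that reaches port 53, wireless side included, rewrite
	// the PTR records.
	allow-update { localhost; };
	allow-query { any; };
	// No secondary server is configured, so transfers are not needed.
	allow-transfer { none; };
};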
/etc/shorewall/interfaces - note that the lan interface is the bridge itself
# /etc/shorewall/interfaces -- the "lan" zone is the bridge itself, so
# eth0 and the tap devices are covered through br0.
#ZONE	INTERFACE	BROADCAST	OPTIONS
lan	br0		detect
wlan	wlan0		detect		dhcp
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
/etc/shorewall/masq
# /etc/shorewall/masq -- traffic from the bridge leaving via wlan0 is
# NATed to wlan0's (dhcp-assigned) address.
#INTERFACE	SOURCE	ADDRESS	PROTO	PORT(S)	IPSEC	MARK
wlan0		br0
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
/etc/shorewall/policy - currently allows everyone to talk to everyone - I assume you'd need to set up port forwards in rules to allow wlan-side clients to reach machines in the bridge.
# /etc/shorewall/policy -- everything may talk to everything.
# Note that "wlan fw ACCEPT" leaves every service the laptop listens on
# (named listens on any interface) reachable from the wireless network; the
# commented "all all REJECT" line is the usual closed default.
#SOURCE	DEST	POLICY	LOG	LIMIT:BURST
#			LEVEL
lan	wlan	ACCEPT
wlan	lan	ACCEPT
lan	fw	ACCEPT
wlan	fw	ACCEPT
fw	lan	ACCEPT
fw	wlan	ACCEPT
#all	all	REJECT	info
all	all	ACCEPT
#LAST LINE -- DO NOT REMOVE
/etc/shorewall/zones
# /etc/shorewall/zones -- the firewall itself plus the two IPv4 zones
# bound in the interfaces file.
#ZONE	TYPE		OPTIONS	IN		OUT
#				OPTIONS		OPTIONS
fw	firewall
lan	ipv4
wlan	ipv4
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE