I spent a few days configuring my wireless network card to allow KMV guests to act as if they have a bridged network interface rather then NAT.

As it turns out you can not simply bridge your wireless card with brctl as you do a wired NIC and this type of network configuration is not supported in virt-manager. It also so happens you do not need parprouted either.

Use what is referred to as Proxy arp

Note: Although this how to was written for KVM, it should work with other protocols / guests as well. VirtualBox will configure all this automagically.

1. Install tunctl (Fedora / Centos) or uml-utilities (Debian / Ubuntu).

yum install tunctl

sudo apt-get install uml-utilities

2. Secure the tun. I prefer to configure the tun to be owned by root.kvm by adding the following to /etc/rc.local.

/bin/chown root.kvm /dev/kvm
/bin/chown -R root.kvm /dev/net
/bin/chmod -R 660 /dev/net

3. Bring up a tap device. This command must be run as root. Change “bodhi” to you user name.

tunctl -u bodhi

4. Enable arp proxy. Again these commands are run as root.

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/wlan0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/tap0/proxy_arp

5. Configuration. This step is a bit complex.

A : Network. Assume a network of 192.168.0.0/24 with a router (used for DNS) at 192.168.0.1

B : Host. Assume the wireless card is wlan0.
The IP of the host does not matter, although we need to know it to configure the guest.
IP Host = 192.168.0.10
The IP address of the host will become the default gateway for the guest.

C : Tap. We do not assign a ip address to the tap, rather we assign a route on the host. This route will become the ip address of the guest.
route = 192.168.0.20

D: Guest. DHCP does not work so you will need to manually configure a static IP address of the guest.
IP address = route we assign to the tap, in this example 192.168.0.20
Netmask = 255.255.255.0
Default gateway = 192.168.0.10
DNS (nameserver) = 192.168.0.1

With that background …

On the host, set a route to be used by the tap / guest. Again, these commands need to be run as root.

ip link set tap0 up
route add -host 192.168.0.20 dev tap0

6. Now start the guest using the tap for networking, For KVM (note, unlike the previous examples, kvm is run as a user, not root !).

kvm -hda ~/fedora.qcow2 -net nic -net tap,ifname=tap0,script=no -usb -usbdevice tables

The guest will boot, but will not obtain an IP address via DHCP. Log into the guest and configure manually configure a static IP for the guest. This varies by guest, for linux guests (running gnome) you may use network manager if you wish :

Right click the NetworkManager icon -> Edit Connections …
Select “Auto eth0″ -> Click the Edit button on the Left.
In the IPv4 tab :
Change Method to “Manual”
In the “Address” section click the “Add button”
Address = 192.168.0.20 <- From the route command.
Netmask = 255.255.255.0
Gateway = 192.168.0.10 <- IP address of the host.

In the DNS Servers box use 192.168.0.1

Click the "Apply" box.

That's it , it should be working.

Extra Credit

For extra credit we can firewall the guest. This is may not be necessary if you are behind a LAN, but it is fun anyways.

Run these commands on the HOST.

# Allow all outgoing traffic from the guest to the LAN or internet.
iptables -A FORWARD -i tap0 -o wlan -j ACCEPT

# Allow only related / established connections fron the LAN/internet to the guest
iptables -A FORWARD -i wlan0 -o tap0 -m –state RELATED,ESTABLISHED -j ACCEPT

# As an example, allow connections to port 80 (Apache) to the guest.
iptables -A FORWARD -i wlan0 -o tap0 -p tcp –dport 80 -j ACCEPT

# Drop all other traffic
iptables -A FORWARD -i wlan0 -o tap0 -j DROP