C. L. Martinez
2015-Sep-24 10:21 UTC
[CentOS-virt] OT: adding a wifi adapter to openvswitch
On Thu, Sep 24, 2015 at 11:28 AM, Dmitry E. Mikhailov <d.mikhailov at infocommunications.ru> wrote:
> Followup
>
> On 09/24/2015 01:59 PM, C.L. Martinez wrote:
>>
>> https://wiki.debian.org/BridgeNetworkConnections#Bridging_with_a_wireless_NIC?
>
> They are doing an interesting Ethernet NAT with the following idea:
>
> Your wireless station has MAC "A" and IP "X"
> The virtual machine on the wireless station has MAC "B" and IP "Y"
>
> 1) To the outside world both your wireless station and virtual machine IPs
> would share the same MAC:
> Arp:
> IP "X": MAC "A"
> IP "Y": MAC "A" (translated from "B")
>
> 2) Every ingress packet coming to your wireless station with the VM's IP "Y"
> would have its MAC changed back
>
> This scheme could provide you connectivity but it's hacky and it requires
> you to know the MAC and IP address combination of the VM. So IMHO it's not
> really everyday mess-free usable.
>
> I'd prefer to have a real routing set up. Simple, fast and reliable.

Thanks Dimitry, but I use wlan0 or eth0 to connect my laptop to different networks. I use a VM as fw and I would like to have all VMs and the laptop behind this fw VM guest.

Another option is to assign an IP to these interfaces and NAT everything to this fw VM ... but I don't like this option.
Dmitry E. Mikhailov
2015-Sep-24 10:59 UTC
[CentOS-virt] OT: adding a wifi adapter to openvswitch
On 09/24/2015 03:21 PM, C. L. Martinez wrote:
> Thanks Dimitry, but I use wlan0 or eth0 to connect my laptop to
> different networks. I use a VM as fw and I would like to have all VMs
> and the laptop behind this fw VM guest.
>
> Another option is to assign an IP to these interfaces and NAT everything
> to this fw VM ... but I don't like this option

It isn't going to be safe, simple and reliable. You won't have anything like 'NetworkManager' on the laptop host OS. It either should be heavily scripted or not done at all.

You could write some fancy ebtables rules to do one-to-one MAC mapping between the fw VM interface and the host interface and run a DHCP client on the fw VM.

On the host you'd have a static route to another fw VM interface.

But I can't imagine all the hotplug event scripting. How could the fw VM find out if it's time to (re-)run the DHCP client? How would you configure WPA keys on the host? How would you find out if WiFi is disconnected, the cable is connected and it's time to redo the MAC mapping with another MAC address?

Without some real effort it's going to be a fully (partly?) manual config with wpa_supplicant, ebtables and ssh'ing to the fw VM involved. I doubt I would like to change from NetworkManager to this stuff instead.

That's why they do https://www.anonabox.com/
Otherwise you can get some OpenWRT on a commodity router to run some VPN or T#r or some other funny stuff.
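The "Ethernet NAT" that the Debian wiki page describes and that the two messages above discuss (VM MAC "B" hidden behind host MAC "A", ingress frames for VM IP "Y" rewritten back) can be expressed as three ebtables rules per VM. The script below is an added example written for this thread, not code from the list or from the Debian wiki; it assumes the wifi NIC and the VMs' tap devices are on one Linux bridge and that the legacy `ebtables` tool is installed. The MAC and IP values in it are constructed. It only prints the rules unless `APPLY=1` is set, and it validates its inputs first, because a typo in the MAC/IP pair silently breaks the VM's connectivity, which is exactly the "you have to know the combination" caveat raised above.

```shell
#!/bin/sh
# Added example, not from the thread: generate (and optionally apply) the
# ebtables MAC-NAT rules for VMs bridged behind a wireless NIC.
# Notation follows the message above: host MAC "A", VM MAC "B", VM IP "Y".
# Assumptions (mine): wifi NIC and VM taps share one Linux bridge; legacy
# ebtables is present. Nothing is executed unless APPLY=1 (needs root).

# Validate a colon-separated MAC address (aa:bb:cc:dd:ee:ff).
is_mac() {
    printf '%s\n' "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Validate a dotted-quad IPv4 address (octet range is not checked here).
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print the three rules mapping VM MAC B <-> host MAC A for VM IP Y.
# Arguments: host_mac vm_mac vm_ip wifi_if. Returns 1 on malformed input.
mac_nat_rules() {
    host_mac=$1
    vm_mac=$2
    vm_ip=$3
    wifi_if=$4
    is_mac "$host_mac" && is_mac "$vm_mac" && is_ipv4 "$vm_ip" || return 1
    # Egress: frames from the VM leave the wifi NIC with the host's MAC as
    # source; --snat-arp rewrites the sender MAC inside ARP payloads too.
    echo "ebtables -t nat -A POSTROUTING -s $vm_mac -o $wifi_if -j snat --to-src $host_mac --snat-arp --snat-target ACCEPT"
    # Ingress: IPv4 frames for the VM's IP arrive addressed to A; restore B
    # as destination MAC so the bridge forwards them to the VM's tap.
    echo "ebtables -t nat -A PREROUTING -p IPv4 -i $wifi_if --ip-dst $vm_ip -j dnat --to-dst $vm_mac --dnat-target ACCEPT"
    # ARP aimed at the VM's IP needs the same destination-MAC fix.
    echo "ebtables -t nat -A PREROUTING -p ARP -i $wifi_if --arp-ip-dst $vm_ip -j dnat --to-dst $vm_mac --dnat-target ACCEPT"
}

# Emit rules for every "vm_mac vm_ip" line read on stdin. This is the part
# that forces you to know each VM's MAC/IP pair up front; bad lines are
# reported on stderr and skipped rather than half-applied.
mac_nat_rules_for_table() {
    table_host_mac=$1
    table_wifi_if=$2
    while read -r t_mac t_ip; do
        [ -n "$t_mac" ] || continue
        mac_nat_rules "$table_host_mac" "$t_mac" "$t_ip" "$table_wifi_if" || {
            echo "skipping malformed entry: $t_mac $t_ip" >&2
            continue
        }
    done
}

# Run each rule line from stdin, or just echo it in the default dry run.
apply_rules() {
    while read -r rule; do
        if [ "${APPLY:-0}" = 1 ]; then
            $rule    # word splitting is intended: one command per line
        else
            echo "DRY RUN: $rule"
        fi
    done
}

# Constructed sample values (not from the thread): one host MAC, two VMs.
SAMPLE_HOST_MAC=02:00:00:00:00:0a
SAMPLE_VMS='02:00:00:00:00:0b 192.0.2.11
02:00:00:00:00:0c 192.0.2.12'

printf '%s\n' "$SAMPLE_VMS" \
    | mac_nat_rules_for_table "$SAMPLE_HOST_MAC" wlan0 \
    | apply_rules
```

Run it as-is to see the rule set for the sample table; with `APPLY=1` as root it installs the rules on the live bridge. It covers only the frame rewriting; the host-side static route toward the firewall VM and the re-run on every wifi reconnect (new association, new host MAC if you change adapters) that Dmitry lists still have to be scripted around it.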
Actually I do a similar thing. I use a VM as my home/office firewall. It works quite well and I would argue it is as secure as your standard firewall based on something like OpenWRT running on dedicated hardware. I also run a wireless AP in bridged mode to allow local network access on an appliance. There should be no reason that you could not put both on the same physical hardware.

As for the openvswitch original question. Openvswitch has an API that you can access to manage your traffic, along with supporting OpenFlow. If you can get events from your wireless interface then you could write some programs to connect to the switch API. I am not sure the overall result is worth the effort, but it will teach you lots about your wifi interface and Openvswitch.

On 09/24/2015 06:59 AM, Dmitry E. Mikhailov wrote:
> On 09/24/2015 03:21 PM, C. L. Martinez wrote:
>> Thanks Dimitry, but I use wlan0 or eth0 to connect my laptop to
>> different networks. I use a VM as fw and I would like to have all VMs
>> and the laptop behind this fw VM guest.
>>
>> Another option is to assign an IP to these interfaces and NAT everything
>> to this fw VM ... but I don't like this option
>
> It isn't going to be safe, simple and reliable. You won't have
> anything like 'NetworkManager' on the laptop host OS. It either should
> be heavily scripted or not done at all.
>
> You could write some fancy ebtables rules to do one-to-one MAC mapping
> between the fw VM interface and the host interface and run a DHCP client on
> the fw VM.
>
> On the host you'd have a static route to another fw VM interface.
>
> But I can't imagine all the hotplug event scripting. How could the fw VM
> find out if it's time to (re-)run the DHCP client? How would you configure
> WPA keys on the host? How would you find out if WiFi is disconnected, the
> cable is connected and it's time to redo the MAC mapping with another MAC
> address?
>
> Without some real effort it's going to be a fully (partly?) manual config
> with wpa_supplicant, ebtables and ssh'ing to the fw VM involved. I doubt I
> would like to change from NetworkManager to this stuff instead.
>
> That's why they do https://www.anonabox.com/
> Otherwise you can get some OpenWRT on a commodity router to run some
> VPN or T#r or some other funny stuff.

--
Alvin Starr || voice: (905)513-7688
Netvel Inc. || Cell: (416)806-0133
alvin at netvel.net ||