Re: WLAN and Bridge
Date: Mon, 28 Jul 2025 13:24:40 UTC
On Mon, 28 Jul 2025, Jan Bramkamp wrote:
> On 13.07.25 02:58, Ben Hutton wrote:
>> Hi,
>>
>> Is it possible to use a wlan device with a bridge and tap device for use
>> with bhyve? When I've tried this I cannot seem to get traffic to route past
>> the bridge.
>
> Not really. A normal Ethernet frame has two MAC addresses (source and
> destination).
>
> WiFi adds a third MAC address to each frame (source, destination and access
> point) with the client MAC address authenticated to the access point.
>
> What you want would require a fourth MAC address (source, destination, access
> point, client) to separate the client authentication from source/destination
> MAC address (depending on direction).
>
> Such a frame format exists and is used by WiFi repeaters, but it's not
> commonly supported by FreeBSD WiFi drivers or access points.
>
>> My aim is to get bhyve working with network access on my laptop on WiFi. So
>> far I have had to use Ethernet connections.
>
> All reasonably sane bhyve guest connections look like Ethernet to the bhyve
> guest.
>
>> I have looked into NAT but am unsure how I would do this with bhyve?
>
> You would:
>
> * configure the host as a router
>
> * create a bridge (with a static MAC address if you want to)
>
> * not add any physical interfaces to the bridge

What is that bridge for if you are routing anyway?
You are forwarding packets and are doing { wlan | NAT } - forward - tap.
tap interfaces can have IP addresses.

> * assign at least one IP address out of an IP prefix assigned to the bridge
>
> * add the bhyve tap interfaces to the bridge
>
> * either configure a firewall (PF, IPFW) to NAT outgoing traffic or configure
> a static route on the next router upstream.
>
> If you control the network including the next router upstream, routing without
> NAT is a lot cleaner and easier to understand.
>
> If you want to use it on the go connected to different networks you have no
> alternative but to NAT.
>
> A potential alternative if you're only somewhat in control of the network
> would be to set up proxy ARP/NDP to your one and only WiFi MAC address and add
> host routes, but that would require some tinkering.
>
>
>
--
Bjoern A. Zeeb r15:7
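
The NAT steps listed in the quoted message, as an added example that is not part of the original thread or written by its participants: a shell script that prints the FreeBSD commands and the pf translation rule without changing anything itself. The interface names (`wlan0`, `bridge0`, `tap0`) and the `10.99.0.1/24` address are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the host-side setup for NATing
# bhyve guests out through a WiFi uplink on FreeBSD; it changes nothing itself.
# Interface names and the 10.99.0.1/24 address are assumptions.
WLAN_IF="${WLAN_IF:-wlan0}"         # uplink; stays out of the bridge
BRIDGE_IF="${BRIDGE_IF:-bridge0}"   # guest-side bridge, no physical members
TAP_IF="${TAP_IF:-tap0}"            # tap interface handed to bhyve
HOST_IP="${HOST_IP:-10.99.0.1/24}"  # host (gateway) address on the bridge

# Network prefix containing HOST_IP, so the NAT rule and the bridge address
# cannot drift apart.
guest_net() {
    addr=${HOST_IP%/*}; len=${HOST_IP#*/}
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    net=$(( ip & (0xffffffff << (32 - len)) & 0xffffffff ))
    echo "$(( net >> 24 & 255 )).$(( net >> 16 & 255 )).$(( net >> 8 & 255 )).$(( net & 255 ))/$len"
}

# Steps from the list: router, bridge without physical members, address out
# of the guest prefix, tap added as the only member.
host_commands() {
    cat <<EOF
sysctl net.inet.ip.forwarding=1
sysctl net.link.tap.up_on_open=1
ifconfig $BRIDGE_IF create
ifconfig $BRIDGE_IF inet $HOST_IP up
ifconfig $TAP_IF create
ifconfig $BRIDGE_IF addm $TAP_IF
EOF
}

# pf translation rule. Only the guest prefix is translated, and (if) makes pf
# track the uplink's current address, which changes between WiFi networks.
pf_rules() {
    echo "nat on $WLAN_IF inet from $(guest_net) to any -> ($WLAN_IF)"
}

echo "# run as root:";  host_commands
echo "# pf.conf rule:"; pf_rules
```

Guests then use the bridge address as their default gateway; set `WLAN_IF`, `TAP_IF` or `HOST_IP` in the environment to match the actual host.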