QEMU NAT

README.md

Put in /etc/qemu/bridge.conf:

allow bridge0

Run as

sudo ./bridge-up.sh
sudo ./firewall.sh
./qemu.sh
sudo ./bridge-down.sh

bridge-down.sh

#!/bin/sh
# bridge-down, run with sudo

ip link del bridge0

bridge-up.sh

#!/bin/sh
# bridge-up, run with sudo

sysctl net.ipv4.ip_forward=1
ip link add name bridge0 type bridge
ip link set bridge0 up
ip addr add 192.168.167.1/24 dev bridge0

firewall.sh

#!/bin/sh
# iptables, run with sudo

IPT=$(which iptables)
IF_INT1="bridge0"
IF_EXT="wlp3s0"
NET_INT0="192.168.167.0/24"
IP_EXT="192.168.0.104"
HTTP=80
HTTPS=443
SSH=22
# Cleanup ifconfig rules
$IPT -F
$IPT -X
$IPT -Z
# Cleanup nat table
$IPT -t nat -F
$IPT -t nat -X
$IPT -t nat -Z
# Cleanup postrouting also
$IPT -t nat -F POSTROUTING
# Allow internal and external forwarding
$IPT -A FORWARD -i $IF_EXT -o $IF_INT1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $IF_INT1 -o $IF_EXT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# NAT itself
$IPT -t nat -A POSTROUTING -s $NET_INT0 -o $IF_EXT -j SNAT --to-source $IP_EXT

qemu.sh

#!/bin/sh
disk="alpine.raw"
graphics="-vga std"
macaddr="DE:AD:BE:EF:4F:9D"

exec qemu-system-x86_64 \
  -machine type=q35,accel=kvm \
  -cpu host \
  -smp 1 \
  -enable-kvm \
  -drive file=$disk,format=raw \
  -netdev bridge,id=net0,br=bridge0  \
  -device e1000,netdev=net0 \
  -m 512M \
  -usb -device usb-tablet \
  -name Alpine\ Linux \
  -boot d \
  $graphics \
  "$@" \
  &