@abousselmi
Forked from s8sg/NetworkingFirecracker.md
Created January 3, 2024 16:36
Networking with Firecracker

Create a bridge interface on the host and give it internet access

sudo ip link add name br0 type bridge
sudo ip addr add 172.20.0.1/24 dev br0
sudo ip link set dev br0 up
sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables --table nat --append POSTROUTING --out-interface enp3s0 -j MASQUERADE
sudo iptables --insert FORWARD --in-interface br0 -j ACCEPT

Create a tap device and link it to the bridge

sudo ip tuntap add dev tap0 mode tap
sudo ip link set tap0 master br0
sudo ip link set tap0 up

Get the MAC address of the tap device

ip a | grep -A1 tap0 | grep ether

Add the tap device (name/MAC) to the VM's launch options

--tap-device=tap0/e2:40:73:d5:72:44

Inside the guest

ip link set eth0 up && ip addr add 172.20.0.2/24 dev eth0 && ip route add default via 172.20.0.1 && echo "nameserver 8.8.8.8" > /etc/resolv.conf

2nd way

If you're using wireless and want to give the VM network access -- or don't want to use a bridge -- you can route from a tap device like this:

sudo ip tuntap add tap0 mode tap # user $(id -u) group $(id -g)
sudo ip addr add 172.17.100.1/24 dev tap0
sudo ip link set tap0 up
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
sudo iptables -t nat -A POSTROUTING -o $WIRELESS_DEVICE_NAME -j MASQUERADE
sudo iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i tap0 -o $WIRELESS_DEVICE_NAME -j ACCEPT
($WIRELESS_DEVICE_NAME can be any bridge, wireless, or ethernet that exists on the host)

Then, from within the guest, set an IP in the range that you gave tap0, just like @bencord0 wrote:

ip addr add 172.17.100.10/24 dev eth0
ip route add default via 172.17.100.1 dev eth0

NB: this will also give your VM access to the other devices on your local network!

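To tear it down (without rebooting):

sudo iptables -t nat -D POSTROUTING -o $WIRELESS_DEVICE_NAME -j MASQUERADE # delete only the rules added above
sudo iptables -D FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
sudo iptables -D FORWARD -i tap0 -o $WIRELESS_DEVICE_NAME -j ACCEPT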
sudo ip link del tap0
sudo sh -c "echo 0 > /proc/sys/net/ipv4/ip_forward" # usually the default
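
Building on the NB above: as an added example (not part of the original gist), this shell function prints the iptables commands for a per-tap chain that lets the guest out to the internet but rejects private and link-local destinations, plus a teardown that removes only those rules. The names `fc_rules`, `BLOCKED_NETS` and the `FC-<tap>` chain are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original gist. Prints (does not run) iptables
# commands that let a routed tap guest reach the internet but not private ranges.
# fc_rules, BLOCKED_NETS and the FC-<tap> chain name are hypothetical.

# Destinations the guest must not reach: RFC 1918, link-local, CGNAT.
BLOCKED_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16 100.64.0.0/10"

# Usage: fc_rules up|down TAP UPLINK GUEST_CIDR
fc_rules() {
    action=$1 tap=$2 uplink=$3 cidr=$4
    chain="FC-$tap"
    # Refuse anything that is not a plain interface name or IPv4 CIDR, since
    # the output is meant to be fed to a root shell.
    for name in "$tap" "$uplink"; do
        case "$name" in
            ""|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 1 ;;
        esac
    done
    case "$cidr" in
        ""|*[!0-9./]*) echo "bad CIDR" >&2; return 1 ;;
    esac
    case "$action" in
    up)
        echo "iptables -N $chain"
        for net in $BLOCKED_NETS; do
            echo "iptables -A $chain -d $net -j REJECT"
        done
        echo "iptables -A $chain -s $cidr -o $uplink -j ACCEPT"
        echo "iptables -A $chain -j DROP"
        # -I puts the jump ahead of any broader ACCEPT already in FORWARD.
        echo "iptables -I FORWARD -i $tap -j $chain"
        echo "iptables -I FORWARD -o $tap -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
        echo "iptables -t nat -A POSTROUTING -s $cidr -o $uplink -j MASQUERADE"
        ;;
    down)
        # Remove only what "up" added, leaving unrelated rules untouched.
        fc_rules up "$tap" "$uplink" "$cidr" | sed -n \
            -e 's/ -I FORWARD / -D FORWARD /p' \
            -e 's/ -A POSTROUTING / -D POSTROUTING /p'
        echo "iptables -F $chain"
        echo "iptables -X $chain"
        ;;
    *)
        echo "usage: fc_rules up|down TAP UPLINK GUEST_CIDR" >&2; return 1 ;;
    esac
}
```

Review the output of `fc_rules up tap0 "$WIRELESS_DEVICE_NAME" 172.17.100.0/24` and pipe it to `sudo sh` to apply; run the same arguments with `down` to remove it. These rules cover forwarded traffic only, so services listening on the host itself are still governed by the INPUT chain.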