Using Wireless Adapter as KVM Network Bridge (br0 or br1) – Rocky Linux 9.X

Tuesday, May 20th, 2025

Using Wireless Adapter as KVM Network Bridge (br0 or br1) – Rocky Linux 9.X

They said it couldn't be done, but it can, depending on your wireless adapter card.  I recently bought a Minisforum EM680 Mini PC, and to my surprise, it didn't come with any ethernet ports.  It only has a Wi-Fi PCI-E card in it.  Ok, so that presents a problem, as I wanted to use it as a KVM virtual machine host with bridged networking.  At first, I wasn't able to get this to work, but after finding this post, I got it working!  If your wireless adapter supports 4addr (WDS mode), you can get it working as you normally would when using an ethernet port.  Here's how.

Step 1:  Connect to your desired wireless network normally post installation of Rocky Linux 9.

Step 2:  Create your network bridge configurations as you normally would (not specified in this guide).  My script creates br0 (for use at datacenters with static IPs) and br1 (a general DHCP bridge). 

Step 3:  Enable 4addr for your adapter.

Get the name of your wireless device by running the following command:

ip a

Mine happens to be named wlp1s0. Yours could be different. Make a note of the name of your connected wireless adapter and use it in the below scripts:

sudo nano /etc/systemd/system/4addr.service 

Add the following contents to this file:

[Unit]
Description=wlan-4addr
Wants=network.target
Before=network.target systemd-networkd.service
BindsTo=sys-subsystem-net-devices-wlp1s0.device
After=sys-subsystem-net-devices-wlp1s0.device

[Service]
Type=oneshot
ExecStart=/usr/sbin/iw dev wlp1s0 set 4addr on
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

Save and exit.

Enable the service at boot:

sudo systemctl enable 4addr.service 

Step 4:  Reboot

Step 5:  Check that 4addr is on and working

iw dev wlp1s0 info

You should see something like:

4addr: on 

At the end of the output. 

Step 6:  Configure your wireless adapter to be controlled by your desired network bridge.  In my case, I wanted my wireless adapter to be a part of br1 (my general DHCP bridge).  To do this, I edited the associated .nmconnection file in the /etc/NetworkManager/system-connections directory.  The name of the .nmconnection file will be the wireless SSID you're connected to.  So, for example, if your SSID is test, it will be named test.nmconnection.

Add the controller and port-type configuration lines as shown in the below sample configuration.  My .nmconnection configuration looks like this (SSID and passwords removed):

[connection]
id=cool
uuid=015a8f8f-5440-40b5-8caf-e6ff3f9d63e1
type=wifi
interface-name=wlp1s0
controller=br1
port-type=bridge

[wifi]
mode=infrastructure
ssid={WIFI_SSID_HERE}

[wifi-security]
auth-alg=open
key-mgmt=wpa-psk
psk={WIFI_PASSWORD_HERE}

[bridge-port]

Save your changes.

My ifcfg-br1 bridge configuration file in the /etc/sysconfig/network-scripts directory looks like this:

TYPE=Bridge
BOOTPROTO=dhcp
DEVICE=br1
ONBOOT=yes
ZONE=public

Step 7:  Reboot

KVM guests using br1 and the default NAT interface (managed by QEMU and KVM) will work just fine via your wireless device now!

Allow Anonymous Read Only FTP via VSFTPD

Saturday, January 3rd, 2015

Anonymous VSFTPD Setup (Read Only)

Configuration:

In order to enable anonymous FTP connections to a particular directory while still supporting authentication for virtual users for their files via PAM isn't that difficult.  Install VSFTPD if you haven't done so already by running the following command:

sudo apt-get install vsftpd

Create a backup of your existing VSFTPD confiugration file (this guide assumes you have already installed vsftpd):

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.bak

Next, let's edit the file:

sudo nano /etc/vsftpd.conf

Add the following lines to your configuration file:

anonymous_enable=YES
anon_root={INSERT_PATH_TO_ANONYMOUS_DIRECTORY}
anon_mkdir_write_enable=NO
anon_upload_enable=NO

Adding these lines enables anonymous FTP to the specified directory where files can be read and downloaded only.  Anonymous users cannot write, delete, change, or modify files because of the anon_mkdir_write_enable=NO and the anon_upload_enable=NO configuration lines.  For your changes to take effect, restart vsftpd.

sudo service vsftpd restart

You're done!