It seems that my WLAN card (Intel 5100 AGN) firmware doesn't allow "spoofing" MAC addresses. This has the side effect of destroying the capability to bridge out my virtual machines on that interface. Apparently this is a common thing on WLAN cards.
I can see the incoming traffic just fine in my virtual machines, but their DHCP queries don't get bridged out of the WLAN card. It works perfectly well when using the wired ethernet port.
Is there a workaround for this? MAC-NAT or something?
I don't want to route my virtual machines out to the Internet because I don't want my host OS to even have an IP address.
I'm using Linux and KVM for virtualization.
Bridging over an 802.11 network is not as straightforward as bridging over Ethernet, and it's not something a normal WiFi driver/adapter on a host would do.
For most virtualization products, it's useful to be able to remotely manage them, so I don't think you're going to get away with not having the host have an IP address.
If you don't configure a gateway, then the VM and your guests (if you're using NAT) won't be able to communicate with anything outside your LAN.
Unfortunately yes, it's a common restriction on WLAN cards, to prevent you from using them as repeaters or something.
Why don't you want the host to have an IP, and what's wrong with regular NAT on the host?
Something I've thought of that might work:
Then all the traffic that comes out of the host will be sent with the host's MAC address.
I think you might have to assign the host's WLAN IPs statically, as DHCP will hand out one IP address per MAC address.
Some security systems don't like multiple IPs on one MAC, which there's little you can do about if you don't have control of those systems.
If you are this paranoid about getting the host infected by something, you shouldn't be using the host as an intermediary between the LAN and the VM in the first place.
Don't use a VM. Use a physical machine.
If you can only carry one laptop, make it dual-boot. Encrypt the safe installation and make sure the unsafe install doesn't have the encryption software installed.
Yes, this will probably be inconvenient. But remember: Safety and inconvenience are 2 sides of the same coin.