How to set up NAT for Qemu with TAP backend? (Windows 10)

Question

I want to use the TAP network backend instead of the default SLIRP that Qemu provides. This is the batch file I use to create the VM (inspired by this):

@echo off
set "QEMUIMG=D:\user\VMs\Qemu\qemu\qemu-img.exe"
set "IMAGE=disk.img"
set "ISOFILE=D:\user\VMs\isos\isofile.iso"
set "QEMUBIN=D:\user\VMs\Qemu\qemu\qemu-system-x86_64.exe"

rem ==================================
rem Safety net
rem ==================================
if not exist %IMAGE% (
    rem CREATE a virtual hard disk 
    %QEMUIMG% create -f qcow2 %IMAGE% 32G
) else (
    echo file %IMAGE% already exist. Delete or move and try again.
    goto:eof
)

rem ==================================
rem Run the virtual machine
rem ==================================>
start "QEMU" %QEMUBIN% -k us -usb -device usb-tablet -drive ^
file=%IMAGE%,index=0,media=disk,format=qcow2 -cdrom %ISOFILE% -m 2048M ^
-boot order=d -smp cpus=2 -rtc base=localtime,clock=host -parallel none ^
-serial none -name vm -no-acpi -no-hpet -no-reboot  -show-cursor ^
-netdev tap,id=tap0,ifname=mytap,script=no,downscript=no -device netdev=tap0 

Then:

• I download OpenVPN and install only the TAP-Win32 Virtual Ethernet Adapter.
• Now in Network Connections it appears a new interface: TAP-Windows Adapter V9 (which I rename to "mytap").

The next step is creating a bridge between the TAP adapter and the interface I use to connect to the Internet. But since I use Wi-Fi, it doesn't work, and bridging is less secure than NAT.

However, the instructions I've found to set up NAT are specific to OpenVPN or Hyper-V, and I don't know how to apply them to this case.

Any tips on how to proceed?

Answer 1

Once you have the TAP software installed, and an instance of the TAP Adapter created, go to the Network Connections window (in current Windows 10: Settings app -> Network & Internet, click on "Change adapter options") and find the name of the TAP adapter there. You can rename it from there if you want.

For instance my TAP Adapter instance is called Ethernet:

(this is what it looks like with the Network Connections window in Tiles mode)

Use the name of the TAP Adapter in the ifname= parameter of the -netdev tap on the Qemu command line.

Set the id= of the netdev to whatever you like; typical examples use mynet0. This is a name for the virtual network internal to the Qemu instance that connects some combination of the emulated network interfaces and TAP adapter connections.

Then you refer to this netdev to connect it to a virtual NIC (network interface card). The mechanics of doing this vary depending on what kind of machine you're emulating in Qemu.

For something like a PC, where you're specifying the NIC as a separate -device option, you put the netdev= in the device option:

-netdev tap,id=mynet0,ifname=Ethernet -device e1000,netdev=mynet0

For a system that has a default network device that you can't specify in a -device option, for instance the lance.0 in an SS-20, adding an extra -net nic section like this seems to be what's required:

-netdev tap,id=mynet0,ifname=Ethernet -net nic,model=lance,netdev=mynet0

When you launch Qemu you should see the TAP Adapter icon in the Network Connections window lose its "network cable unplugged" indication.

Now you can go ahead and configure the TAP Adapter on the Windows side however you like, using its icon in the Network Connections window, just as you would a physical NIC connected to a separate physical network, for instance:

• enabling "Allow other network users to connect through this computer's Internet connection" in its Properties' Sharing tab to configure it as a client network for Windows' built-in "Internet Connection Sharing" NAT,
• giving it local TCP/IP settings in its Properties to use it as a host-only network, or
• selecting it with another network adapter and bridging them through the right-click context menu if you want bridged networking.