Configure LXD container with public IP and make it available online

Guys, I need help. I know this question has been asked many times in many forms with many possible solutions of different fashion and believe me I spent the last 3 days reading through all the questions and replies in Linuxcontainers, askubuntu and the whole stackexchange network then trying to apply said solutions to no avail. Probably something to do with my particular configuration.

My objective: Make one LXD container (CONTPUB) available on Internet with a public IP address (IP failover from OVH for which I created a virtual mac address that I applied to the container in question). I don’t care if the container is able to communicate with host and/or other containers or not as long as it’s visible online incoming/outgoing.

My configuration:

  • Host (HOST) bare metal at OVH under Ubuntu 16.04 with public IP (IP_HOST) with LXC/LXD version 3.0.3 with main interface br0 and already hosting many containers (various Ubuntu versions) bridged through lxdbr0 and having internet access through IPTABLES NAT rules to their respective local IPs given from the lxdbr0 bridge (10.3.241.x).

  • A Container (CONTPUB) under Ubuntu 20.04 (so Netplan it is) that must appear to the outside world with its own public IP (IP_CONTAINER).

I don’t know why all the solutions I tried didn’t work: the Ubuntu version differences? the LXD version? the IPTABLES firewall? or an issue at OVH’s level? I couldn’t, for the life of me, make the IP_CONTAINER live and ping it from outside.

You mention IP failover, will the container be doing that or an outside system?

The system in the container has nothing to do with the host system, it’s for a completely different purpose.
For those familiar with OVH dashboard terminology, they use the term IP failover but it’s actually just an extra IP that one can purchase to use for a VM, as a secondary IP for the host, as an IP dedicated for a mail server or for a group of Vhosts of the webserver, or… indeed as a failover for the host machine.

Try using a routed NIC on that container with the public IP: