How to define a host's source IP address for the outbound traffic from the containers?

Hi,
I am using LXD 3.0.3 on Ubuntu 18.04. For networking the standard lxdbr0 with NAT is used.
The host has just one Ethernet interface with two IP addresses from the same subnet assigned:

        link/ether 42:01:0a:50:07:02 brd ff:ff:ff:ff:ff:ff
        inet 10.80.7.4/32 scope global ens4
           valid_lft forever preferred_lft forever
        inet 10.80.7.2/32 scope global dynamic ens4
           valid_lft 74940sec preferred_lft 74940sec
        inet6 fe80::4001:aff:fe50:702/64 scope link
           valid_lft forever preferred_lft forever
    3: lxdbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether fe:bf:f6:e0:fc:bb brd ff:ff:ff:ff:ff:ff
        inet 10.73.64.1/24 scope global lxdbr0

The requirement is that the outbound traffic from the containers will go out from the host with source address 10.80.7.2. But in reality, the packets are sent from source address 10.80.7.4. I guess it is because this address is configured as the first address on the interface.
The default route on the host is configured as
default via 10.80.7.1 dev ens4 proto dhcp src 10.80.7.2 metric 100
but I think that it is not relevant to the problem.
Is it possible to define a source address for the outbound traffic?
Thank you in advance,
Leonid

The ipv4.nat.address network setting is what you want for this.

e.g. lxc network set lxdbr0 ipv4.nat.address=n.n.n.n

See Networks | LXD

Unfortunately, the ipv4.nat.address is not available in LXD 3.0.3 LTS version.

Leonid

Ah OK, well LXD 4.0 LTS has it.

Is it possible to achieve what I need by some iptables rules?
Leonid

Yes, you can take a copy of the iptables rules that LXD sets up (sudo iptables-save), then disable the automatic rules using lxc network set lxdbr0 ipv4.firewall=false, and then manually re-create them, altering only the NAT rule to change the IP to the one desired.

The ipv4.firewall=false is already disabled by default.
Could you write an example of the rule that changes the source address?
Thank you in advance,
L

Well, inserting a SNAT rule before the MASQUERADE rule seems to solve the problem:

    num  target      prot opt source               destination
    1    SNAT        all  --  anywhere             1.2.3.4               to:10.80.7.2
    2    MASQUERADE  all  --  10.73.64.0/24       !10.73.64.0/24         /* generated for LXD network lxdbr0 */

where,
1.2.3.4 is the destination public address
10.80.7.2 is the host IP address that should be used as the source address
10.73.64.0/24 is the lxdbr0 subnet.
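
The SNAT-before-MASQUERADE approach from the last post, written out as shell. This is an added example, not code from the thread participants or the LXD project. It goes slightly beyond the posted rule by matching on the lxdbr0 subnet and the ens4 uplink instead of a single destination address. The function names are hypothetical and the `iptables-save` sample is constructed.

```shell
#!/bin/sh
# Added example. Addresses and interface are the ones quoted in the thread.
BRIDGE_NET="10.73.64.0/24"   # lxdbr0 subnet
SNAT_IP="10.80.7.2"          # host address the containers should leave from
OUT_IF="ens4"                # host uplink

# Rule spec shared by the -C (check) and -I (insert) calls below.
# Assumption: match on the bridge subnet, mirroring LXD's MASQUERADE rule.
snat_rule_spec() {
    printf '%s' "-s $1 ! -d $1 -o $3 -j SNAT --to-source $2"
}

# Insert the rule at position 1 of nat/POSTROUTING unless it already exists.
# Needs root; it is defined here but not called automatically.
apply_snat() {
    spec=$(snat_rule_spec "$BRIDGE_NET" "$SNAT_IP" "$OUT_IF")
    # $spec is intentionally unquoted so it splits into separate arguments.
    iptables -t nat -C POSTROUTING $spec 2>/dev/null ||
        iptables -t nat -I POSTROUTING 1 $spec
}

# Reads `iptables-save -t nat` text on stdin. Succeeds only if the first
# POSTROUTING rule matching subnet $1 is a SNAT to $2 (NAT is first-match,
# so a MASQUERADE rule listed earlier would win).
snat_precedes_masquerade() {
    awk -v net="$1" -v ip="$2" '
        BEGIN { rc = 1 }
        $1 == "-A" && $2 == "POSTROUTING" && index($0, "-s " net " ") {
            if (index($0 " ", "--to-source " ip " ")) { rc = 0; exit }
            if (index($0, "-j MASQUERADE")) { exit }
        }
        END { exit rc }'
}

# Constructed sample of the nat table after the fix (not captured output).
sample_fixed() {
    cat <<'EOF'
*nat
-A POSTROUTING -s 10.73.64.0/24 ! -d 10.73.64.0/24 -o ens4 -j SNAT --to-source 10.80.7.2
-A POSTROUTING -s 10.73.64.0/24 ! -d 10.73.64.0/24 -m comment --comment "generated for LXD network lxdbr0" -j MASQUERADE
COMMIT
EOF
}

sample_fixed | snat_precedes_masquerade "$BRIDGE_NET" "$SNAT_IP" &&
    echo "SNAT rule is evaluated before MASQUERADE"
```

On a live host, run `apply_snat` as root and then pipe `iptables-save -t nat` into `snat_precedes_masquerade` to confirm the ordering, for example after LXD restarts and regenerates its own rules.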