i have different bridges for set of services, i would also recommend attaching ACL rules ( Network Isolation by Project on Single Server Incus Host ) so bridges can’t talk to each which happens by default. for requesting LAN IP directly, you can use macvlan network type sudo inucs network create macvlan --type=macvlan parent=<host-interface> and then use --network macvlan on any instance you create.
for reverse proxy, i have nginx on incus host for maximum perf and it then routes to any bridge i want. if you configure ACL, make sure to also allow ingress from the bridge’s gateway IP for host to communicate with the bridge….