I’m running an LXC container on Devuan 10 Beowulf. My basic idea is to have a virtual NATted interface vmbr0, with packets from this interface forwarded to the net on eth0, wlan0 or whatever, and LXC containers connecting here through the macvlan interface lxcbr0, used as a bridge.
Rules for forwarding would be set by the firewall, without intervention of lxc-net.
For unknown reasons, packets sent by the container don’t make their way to vmbr0 and thus to the isc-dhcp-server present on that interface.
Here are the ifupdown configs:
auto vmbr0
iface vmbr0 inet static
    bridge_ports none
    bridge_fd 0
    bridge_maxwait 0
    address 192.168.252.1
    netmask 255.255.255.0
    hwaddress ether 8e:81:fc:d0:19:34
    up /bin/ip -6 addr add fc00:0:0:fc::1/64 dev $IFACE label $IFACE
    down /bin/ip -6 addr del fc00:0:0:fc::1/64 dev $IFACE label $IFACE
    post-up ip link add lxcbr0 link $IFACE type macvlan mode bridge
    post-up ip link set dev lxcbr0 address 8e:81:fc:a4:12:24
    post-up ip link set dev lxcbr0 up
    pre-down ip -4 addr flush dev lxcbr0
    pre-down ip link set dev lxcbr0 down
    pre-down ip link del lxcbr0 link vmbr0 type macvlan mode bridge
And the LXC configs:
# Template used to create this container: /usr/share/lxc/templates/lxc-devuan
# Parameters passed to the template: -r beowulf
# Template script checksum (SHA-1): b7d4ecc228f237f6fc533bce8a395a682e88d9d3
# For additional config options, please look at lxc.container.conf(5)
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)
# APPARMOR
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
# Network
lxc.net.0.type = macvlan
lxc.net.0.macvlan.mode = bridge
lxc.net.0.flags = up
lxc.net.0.link = lxcbr0
lxc.net.0.name = eth0
lxc.net.0.hwaddr = 00:16:3e:37:da:f9
lxc.net.0.mtu = 1500
lxc.rootfs.path = dir:/var/lib/lxc/devuan-test/rootfs
# Common configuration
lxc.include = /usr/share/lxc/config/devuan.common.conf
# Container specific configuration
lxc.tty.max = 4
lxc.uts.name = devuan-test
lxc.arch = amd64
lxc.pty.max = 1024