LXC not sending packets through macvlan

I’m running an LXC container on Devuan 10 Beowulf. My basic idea is having a virtual NATed interface vmbr0, with packets from this interface forwarded to the net on eth0, wlan0 or whatever, and LXC containers connecting here through the macvlan interface lxcbr0, used as a bridge.
Rules for forwarding would be set by the firewall, without intervention of lxc-net.
For unknown reasons, packets sent by the container don’t make their way to vmbr0 and thus to the isc-dhcp-server present on that interface.

Here are the ifupdown configs:

auto vmbr0
iface vmbr0 inet static
    bridge_ports none
    bridge_fd 0
    bridge_maxwait 0
    hwaddress ether 8e:81:fc:d0:19:34
    up /bin/ip -6 addr add fc00:0:0:fc::1/64 dev $IFACE label $IFACE
    down /bin/ip -6 addr del fc00:0:0:fc::1/64 dev $IFACE label $IFACE
    post-up ip link add lxcbr0 link $IFACE type macvlan mode bridge
    post-up ip link set dev lxcbr0 address 8e:81:fc:a4:12:24
    post-up ip link set dev lxcbr0 up
    pre-down ip -4 addr flush dev lxcbr0
    pre-down ip link set dev lxcbr0 down
    pre-down ip link del lxcbr0 link vmbr0 type macvlan mode bridge

and lxc configs:

# Template used to create this container: /usr/share/lxc/templates/lxc-devuan
# Parameters passed to the template: -r beowulf
# Template script checksum (SHA-1): b7d4ecc228f237f6fc533bce8a395a682e88d9d3
# For additional config options, please look at lxc.container.conf(5)

# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)

lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
# Network
lxc.net.0.type = macvlan
lxc.net.0.macvlan.mode = bridge
lxc.net.0.flags = up
lxc.net.0.link = lxcbr0
lxc.net.0.name = eth0
lxc.net.0.hwaddr = 00:16:3e:37:da:f9
lxc.net.0.mtu = 1500
lxc.rootfs.path = dir:/var/lib/lxc/devuan-test/rootfs

# Common configuration
lxc.include = /usr/share/lxc/config/devuan.common.conf

# Container specific configuration
lxc.tty.max = 4
lxc.uts.name = devuan-test
lxc.arch = amd64
lxc.pty.max = 1024


The macvlan device type does not allow the container to communicate with the host or vice versa, so you cannot do any processing on the host as packets pass through it.

The veth device type does allow this, so using it in bridge mode may allow you to achieve what you want.

More info on that specifically? I know I can set up a veth, but iirc it generates n interfaces, with n being the number of containers.

Found out the solution by myself by reading the lxc-net script; unluckily, interfaces are still generated dynamically:

ifupdown config:

auto lxcbr0
iface lxcbr0 inet static
    bridge_ports none
    bridge_fd 0
    bridge_maxwait 0
    address <your address here>
    hwaddress ether <your mac address here>
    up /bin/ip -6 addr add <your ipv6 address here> dev $IFACE label $IFACE
    up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_dad
    up touch /run/lxc/network_up
    down /bin/ip -6 addr del <your ipv6 address here> dev $IFACE label $IFACE
    down touch /run/lxc/network_down

container config:

lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.name = eth0
lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
lxc.net.0.flags = up
lxc.net.0.mtu = 1500

In /etc/default/lxc, USE_LXC_BRIDGE should be set to true as well.

Obviously this needs a DHCP server and rules for forwarding/masquerade on iptables as well.

Little note, thanks to admins fixing my mistype in title
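
Added example, not part of the thread's posts: a minimal forwarding/masquerade ruleset for the veth-on-lxcbr0 setup described above, generated in iptables-restore format with its arguments validated before they reach the rules. The subnet 10.0.3.0/24, the uplink eth0 and the function names are assumptions for illustration; the thread leaves the addresses as placeholders.

```shell
#!/bin/sh
# Added example: emit iptables-restore rules for a NATed LXC bridge.
# lxcbr0 comes from the thread; subnet and uplink values are constructed.
# Forwarding also needs net.ipv4.ip_forward=1 on the host.

valid_ifname() {    # 1-15 characters from a conservative safe set
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

valid_cidr4() {     # dotted quad with octets <= 255 and prefix 0-32
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    for o in $(printf '%s' "${1%/*}" | tr '.' ' '); do
        [ "$o" -le 255 ] || return 1
    done
}

lxc_nat_ruleset() { # usage: lxc_nat_ruleset BRIDGE SUBNET UPLINK
    br=$1 net=$2 up=$3
    valid_ifname "$br" && valid_ifname "$up" && valid_cidr4 "$net" || {
        echo "lxc_nat_ruleset: invalid argument" >&2
        return 1
    }
    # No chain policy lines: existing policies are left untouched.
    cat <<EOF
*nat
-A POSTROUTING -s $net ! -d $net -o $up -j MASQUERADE
COMMIT
*filter
-A INPUT -i $br -p udp --dport 67 -j ACCEPT
-A FORWARD -i $br -o $up -s $net -j ACCEPT
-A FORWARD -i $up -o $br -d $net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Apply on top of the existing firewall (run as root):
#   lxc_nat_ruleset lxcbr0 10.0.3.0/24 eth0 | iptables-restore --noflush
```

The return path only accepts RELATED,ESTABLISHED traffic, so containers can reach out through the uplink but nothing on the uplink side can open new connections to them. The INPUT rule only matters when the host's INPUT policy is not ACCEPT.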