Lxdbr0 customize NAT

Hello All!

I have a cloud server running LXD 3.0 on Ubuntu 18.04 LTS and a (for me) complicated networking setup. The cloud server is connected to my local network via OpenVPN and my subnets are as follows: = Home network = OpenVPN clients = lxdbr0 on cloud server

OpenVPN is happily routing through to the cloud server and my containers are able to contact and ping the home network machines. The problem is in the NAT setting of lxcbr0, it’s enabled so the containers can access the internet, but the generated NAT rule is as follows:

-A POSTROUTING -s ! -d -m comment --comment “generated for LXD network lxdbr0” -j MASQUERADE

This causes traffic to everywhere that is not in to be NAT’ed, which means that the machines in my local network see all traffic coming from the containers as (lxdbr0’s host IPv4 address). In order to fix that, I removed that rule and replaced it with:

-A POSTROUTING -s ! -d -m comment --comment “generated for LXD network lxdbr0” -j MASQUERADE

This causes the containers and home network machines to be able to ping and create connections between all of them perfectly and the containers can still access the internet through the public IP of the cloud server. My questions are:

  • How do I get LXD to generate the NAT rule this way? Is that even possible?
  • Is what I did the right way to solve this problem?

Can’t you disable NAT on the lxdbr0 network in lxd and configure the rule manually? You probably only want to NAT traffic with a private IP address as source ( and are sent out the interface connected to the internet.