veth, macvlan or maybe sth else?
Well this interesting, I'm playing with a vserver and I do not really understand how it works with eth and dummy.
Whatever, in your case, I think you need to enable ip forwarding.
sysctl -w net.ipv4.conf.all.forwarding=1
Check /etc/sysctl.conf to make it permanent
Naming interface that come into the bridge is a good idea if you want to know who is who. In the lxc config file:
lxc.network.veth.pair=eth0-guest1
network in lxc allow more sophisticated networking. For example, you could simulate a real "proxy" with 2 virtual interface, one on a bridge (say br0) connected to internet (public IPs, dmz, whatever) another (say br1) connected to the "internal services"
.-----------.
| host eth0 |<----.
'-----------' |
.-------------------. .-------------------.
| br0 (public IP) | | br1 (10.1.1.1/24) |
'-------------------' '-------------------'
^ .--------------------. ^
'------------| guest squid |----|
'--------------------' |
.---------------. |
| guest apache1 |----'
'---------------' |
.---------------. |
| guest apache2 |----'
'---------------' |
.----------------.
| guest database |
'----------------'
Note: for a second virtual ethernet interface, just repeat the lxc.network... stanza
Got the same problem. I was trying to forward ports to lxc container with
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 7070 -j DNAT --to-destination 172.16.110.15:7070
But it doesn't work. The solution was really simple:
iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
For more details look at this