LXC Guest Setup
As I discussed in Introduction: Novice to Network Admin, the goal is to run a router/firewall inside an LXC guest so there is little to no overhead when routing packets. So I created an unprivileged LXC guest with a Debian 10 template.
Resources
The mini PC this will run on isn't a powerhouse but should provide more than enough resources and have a few spare cycles leftover for something useful like running Pi-hole.
Resource | Value |
---|---|
Cores | unlimited (4 cores) |
Memory | 2048 MiB |
Swap | 512 MiB |
Root Disk | 2 GB |
Networking
Device | ID | Name |
---|---|---|
physical | net0 | eth0 |
virtio | net1 | eth1 |
Because there is some overhead with using an Ethernet Bridge, I only wanted to use one where it made the most sense. Since the Ethernet connection from the modem will only ever talk directly to this LXC guest, I am "passing" one of the physical Ethernet interfaces from Proxmox to this LXC guest. This makes it unavailable to the host and allows the LXC guest direct access to it, similar to how PCI(e) Passthrough would work on a virtual machine.
This can be accomplished with Proxmox/LXC configuration similar to what is shown below.
```
# /etc/pve/lxc/100.conf
net1: name=eth1,bridge=vmbr0,hwaddr=D6:A9:67:D5:66:22,type=veth
+ lxc.net.0.type: phys
+ lxc.net.0.link: enp1s0
+ lxc.net.0.name: eth0
```
Be careful to not reuse the same index for `lxc.net.[index]` and `net[index]` values or the guest will fail to boot.
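A pre-boot check for that index clash, as an added example that is not part of the original page: the function name `lxc_net_index_collisions` and the `demo` helper are hypothetical, the sample configs are constructed from the snippet above, and the script assumes snapshot sections in the config start with a `[name]` line.

```shell
#!/bin/sh
# Added example: find indexes used by both Proxmox "netN:" entries and raw
# "lxc.net.N.*" keys in a container config such as /etc/pve/lxc/100.conf.

# Prints each shared index; returns 0 if none, 1 if any, 2 if unreadable.
lxc_net_index_collisions() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        # Assumption: "[name]" starts a snapshot section; stop at the first one.
        /^\[/ { exit }
        # Proxmox-managed NIC, e.g. "net1: name=eth1,bridge=vmbr0,..."
        /^net[0-9]+:/ {
            idx = $0; sub(/^net/, "", idx); sub(/:.*/, "", idx)
            pve[idx] = 1
        }
        # Raw LXC key, e.g. "lxc.net.0.type: phys"
        /^lxc\.net\.[0-9]+\./ {
            idx = $0; sub(/^lxc\.net\./, "", idx); sub(/\..*/, "", idx)
            raw[idx] = 1
        }
        END {
            rc = 0
            for (i in pve) if (i in raw) { print i; rc = 1 }
            exit rc
        }
    ' "$1"
}

# Constructed sample: the config shown above, then a variant reusing index 0.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' \
        'net1: name=eth1,bridge=vmbr0,hwaddr=D6:A9:67:D5:66:22,type=veth' \
        'lxc.net.0.type: phys' 'lxc.net.0.link: enp1s0' \
        'lxc.net.0.name: eth0' > "$d/ok.conf"
    sed 's/^net1:/net0:/' "$d/ok.conf" > "$d/bad.conf"
    for f in ok bad; do
        if c=$(lxc_net_index_collisions "$d/$f.conf"); then
            echo "$f.conf: no shared index"
        else
            echo "$f.conf: index $c is used by both netN and lxc.net.N"
        fi
    done
    rm -rf "$d"
}
demo
```

Running the function against the real config before starting the guest catches the clash without a failed boot.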
Operating System
I didn't have to do much to the system itself other than making sure the timezone was correct and that it was up to date.
```
$ dpkg-reconfigure tzdata
$ apt update
$ apt upgrade
```