# LXC Guest Setup
As I discussed in [Introduction: Novice to Network Admin](https://bookstack.swigg.net/books/project-router/page/introduction-novice-to-network-admin) the goal is to run a router/firewall inside a _LXC_ guest so there is little to no overhead when routing packets. So I created an **unpriviledged** _LXC_ guest with a _Debian 10_ template.
## Resources
The [mini PC](https://bookstack.swigg.net/books/edge) this will run on isn't a powerhouse but should provide more than enough resources and have a few spare cycles leftover for something useful like running _Pi-hole_.
| | |
|-|-|
| Cores | *unlimited* (4 cores) |
| Memory | 2048 MiB |
| Swap | 512 MiB |
| Root Disk | 2 GB |
## Networking
| Device | ID | Name |
|----------|------|------|
| physical | net0 | eth0 |
| virtio | net1 | eth1 |
Because there is some overhead with using an [Ethernet Bridge](https://en.wikipedia.org/wiki/Bridging_(networking)) I only wanted to use one where it made the most sense. Since the Ethernet connection from the modem will only ever talk directly to this _LXC_ guest I am "passing" one of the physical Ethernet interfaces from _Proxmox_ to this _LXC_ guest. This makes it unavailable to the host and allows the _LXC_ guest direct access to it similar to how [PCI(e) Passthrough](https://pve.proxmox.com/wiki/PCI(e)_Passthrough) would work on a virtual machine.
This can be accomplished with _Proxmox_/_LXC_ configuration similar to what is shown below.
```diff
# /etc/pve/lxc/100.conf
net1: name=eth1,bridge=vmbr0,hwaddr=D6:A9:67:D5:66:22,type=veth
+ lxc.net.0.type: phys
+ lxc.net.0.link: enp1s0
+ lxc.net.0.name: eth0
```
Be careful to not reuse the same index for `lxc.net.[index]` and `net[index]` values or the guest will fail to boot.
## Operating System
I didn't have to do much to the system itself other than making sure the timezone was correct and that it was up to date.
```bash
$ dpkg-reconfigure tzdata
$ apt update
$ apt upgrade
```