LXC Guest Setup
As discussed in Introduction: Novice to Network Admin the goal is to run a router/firewall inside a LXC guest so there is little to no overhead when routing packets around. So I created an unpriviledged LXC guest with a Debian 10 template.
Resources
The mini PC this will run on isn't a powerhouse but should provide more than enough resources to serve the purpose and have a few spare cycles leftover for something useful like running Pi-hole.
Cores | unlimited (4 cores) |
Memory | 2048 MiB |
Swap | 512 MiB |
Root Disk | 2 GB |
Networking
Device | ID | Name |
---|---|---|
physical | net0 | eth0 |
virtio | net1 | eth1 |
Because there is some overhead with using an Ethernet Bridge I only wanted to use one where it made the most sense. Since the Ethernet connection from the modem iswill aonly conceptualever directtalk rundirectly to this LXC guest I am passing"passing" one of the physical Ethernet interfaces from Proxmox to thethis LXC guest. This makes it unavailable to the host and allows the LXC guest direct access to it similar to how PCI(e) Passthrough would work.work on a virtual machine.
This can be accomplished with Proxmox/LXC configuration similar to what is shown below.
Be careful to not reuse the same index for `lxc.net.[index]` and `net[index]` values or else you'll have trouble booting your guest.
# /etc/pve/lxc/100.conf
net1: name=eth1,bridge=vmbr0,hwaddr=D6:A9:67:D5:66:22,type=veth
+ lxc.net.0.type: phys
+ lxc.net.0.link: enp1s0
+ lxc.net.0.name: eth0
Operating System
Make sure everything the correct timezone and perform any other guest customizations you need to.
$ dpkg-reconfigure tzdata