sudo lxd init
Sets up an LXD-only network and fiddles with iptables rules.
Only downside so far: you cannot access the container OSes from your LAN unless you fiddle with your router.
Ugly Fix:
lxc launch ubuntu:17.10 lxctest
lxc stop lxctest
lxc profile copy default webdev
lxc profile device set webdev eth0 nictype macvlan
lxc profile device set webdev eth0 parent enp64s0
lxc profile apply lxctest webdev
lxc start lxctest
lxc exec lxctest bash
or
ip link add mvlan0 link enp64s0 type macvlan mode bridge
lxc launch ubuntu:17.10 lxctest
lxc stop lxctest
lxc profile create macvlan
lxc profile edit macvlan
~
config: {}
description: ""
devices:
  eth0:
    nictype: macvlan
    parent: mvlan0
    type: nic
name: macvlan
used_by: []
~
lxc profile apply lxctest macvlan
lxc start lxctest
lxc exec lxctest bash
Of course, this brings us to a point where you do get machines to DHCP-identify on your network, but your host loses access to them.
It’s up to you whether you want to survive without host-to-VM network access, push a static route to your router, or add another host-guest-only VNIC for each container that you run.
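A sketch of the third option, added here as an example and not taken from the linked issues: one profile that keeps the macvlan NIC on the LAN and adds a second, bridged NIC for host-to-container traffic. It assumes the bridge created by lxd init is named lxdbr0; the profile name macvlan-hostnic and the helper functions are hypothetical.

```shell
#!/bin/sh
# Added example: LAN-facing macvlan NIC (eth0) plus host-only bridged NIC (eth1).
# Assumptions: lxdbr0 is the bridge created by `lxd init`;
# "macvlan-hostnic" is a hypothetical profile name.

# Accept only plausible Linux interface names: 1-15 characters and nothing
# that could break out of the YAML value the name is written into.
valid_ifname() {
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 15 ] || return 1
    case "$1" in
        *[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# render_profile LAN_PARENT HOST_BRIDGE [PROFILE_NAME] -> profile YAML on stdout
render_profile() {
    lan_parent=$1
    host_bridge=$2
    profile_name=${3:-macvlan-hostnic}
    valid_ifname "$lan_parent" || { echo "bad LAN parent: $lan_parent" >&2; return 1; }
    valid_ifname "$host_bridge" || { echo "bad host bridge: $host_bridge" >&2; return 1; }
    cat <<EOF
config: {}
description: "macvlan on LAN, bridged NIC for host access"
devices:
  eth0:
    nictype: macvlan
    parent: $lan_parent
    type: nic
  eth1:
    nictype: bridged
    parent: $host_bridge
    type: nic
name: $profile_name
EOF
}

# Only touches LXD when invoked as: <script> apply <container>
if [ "${1:-}" = "apply" ] && [ -n "${2:-}" ]; then
    lxc profile create macvlan-hostnic &&
        render_profile enp64s0 lxdbr0 | lxc profile edit macvlan-hostnic &&
        lxc profile apply "$2" macvlan-hostnic
fi
```

The container still has to bring up eth1 itself (for example via DHCP on the LXD bridge) before the host can reach it over that interface.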
Sources:
https://github.com/lxc/lxd/issues/1363
https://github.com/lxc/lxd/issues/1343