Configuring NAT and Network for LXC Containers in Proxmox VE

Proxmox VE is a powerful platform for managing virtual machines and containers. Sometimes, LXC containers require internet access, and configuring NAT (Network Address Translation) on the Proxmox host is the way to achieve this. In this guide, we’ll set up NAT for an LXC container using a custom bridge and ensure persistent connectivity.

Step 1: Add a NAT Rule on the Proxmox Host

To enable internet access for the 192.168.50.0/24 subnet used by the LXC container, add a NAT rule:

1. Open a terminal on the Proxmox host.

2. Execute the following command:
   iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -o vmbr0 -j MASQUERADE
   Replace vmbr0 with the interface or bridge connected to the external network or internet.

Step 2: Save the NAT Rule for Persistence

NAT rules are not persistent by default. To save the rule:

1. Install the iptables-persistent package:
   apt install iptables-persistent
   Follow the prompts to save the current rules.

2. Alternatively, manually save the rule:
   iptables-save > /etc/iptables/rules.v4

Step 3: Enable IP Forwarding

For NAT to work, IP forwarding must be enabled on the Proxmox host.

1. Edit the sysctl.conf file:
   nano /etc/sysctl.conf

2. Find and uncomment the following line:
   net.ipv4.ip_forward=1

3. Apply the changes:
   sysctl -p

Step 4: Verify Routing on the Host

Ensure the host has the correct routing setup:

Check the routing table:
ip route
Expected output:
default via <your-gateway-IP> dev vmbr0 proto kernel onlink

192.10.10.0/24 dev vmbr0 proto kernel scope link src <your-host-IP>

1. 192.168.50.0/24 dev vmbr11 proto kernel scope link src 192.168.50.1

Step 5: Configure the LXC Container

1. Open the configuration file for the container:
   nano /etc/pve/lxc/112.conf

2. Update the net0 configuration:
   net0: name=eth0,bridge=vmbr11,firewall=1,gw=192.168.50.1,hwaddr=7A:F6:E8:AA:C0:EF,ip=192.168.50.2/24,ip6=dhcp,type=veth

3. Save the file and restart the container:
   pct restart 112

Step 6: Enter the Container and Configure DNS

1. Enter the container:
   pct enter 112

2. Add a DNS server for the container:
   echo "nameserver 8.8.8.8" > /etc/resolv.conf

Test connectivity:
ping 1.1.1.1

3. ping google.com

Conclusion

Following these steps, your LXC container is now configured with internet access via NAT. This setup ensures persistent NAT rules and proper routing on the Proxmox host, allowing your container to seamlessly communicate with external networks. Additionally, you’ve configured DNS resolution inside the container to resolve domain names effectively.

By using Proxmox VE’s flexibility, you can expand this setup for multiple containers or further isolate networks for advanced use cases.