auto lo
iface lo inet loopback# eno1 is my physical network adapter name.
# Change 'eno1' *everywhere* in this file for your adapter name.
auto eno1
iface eno1 inet manual
post-up echo 1 > /proc/sys/net/ipv4/conf/eno1/proxy_arp# br0 is your *public* network interface.
# Change this to DHCP if appropriate for your network.
auto br0
iface br0 inet static
# This is the static *public* ip address and gateway:
address 192.168.2.10
netmask 255.255.255.0
gateway 192.168.2.1
# eno1 is the physical network interface to bridge:
bridge_ports eno1
bridge_stp off
bridge_fd 0
bridge_maxwait 0
post-up echo 1 > /proc/sys/net/ipv4/conf/br0/proxy_arp
# Add additional public ip addresses if available:
### post-up ip addr add 192.168.2.11/24 brd + dev br0
### post-up ip addr add 192.168.2.12/24 brd + dev br0auto vmbr1
iface vmbr1 inet static
# This is the static *private* subnet for containers
address 10.10.0.1
netmask 255.255.240.0
bridge_ports none
bridge_stp off
bridge_maxwait 0
bridge_fd 0
# On startup run the external firewall script
# to setup IP Masquerading and port forwards:
post-up /etc/firewall.sh
https://gist.github.com/EnigmaCurry/b9e518cffce1495c56f9afb55ab588b4