Network setup for LXC to avoid loss of dedicated IPs in subnets

LXC uses bridges for communication between the host and its containers. A normal bridged subnet costs you three addresses per container (network, gateway and broadcast). To avoid losing them, set up your containers with the pointopoint option (note the spelling: pointopoint, not pointtopoint!!!). To be able to firewall each container's communication from the host, you will need to set up one bridge per container (virtual host).

Here is a working setup:

Your containers have IP addresses of the form 11.22.33.ZZ.
You use a private point-to-point address of the form 172.16.ZZ.1 on the host side of each bridge.

On the host:

auto brZZ
iface brZZ inet static
address 172.16.ZZ.1
bridge_ports none
bridge_fd 0
bridge_maxwait 0
post-up ip route add 11.22.33.ZZ/32 dev brZZ

The LXC container configuration contains the following (legacy lxc.network.* keys; LXC 3 renamed them to lxc.uts.name and lxc.net.0.*):

lxc.utsname = hostname
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = brZZ
lxc.network.name = eth0

On the container:

auto eth0
iface eth0 inet static
address 11.22.33.ZZ
pointopoint 172.16.ZZ.1
gateway 172.16.ZZ.1

If you want to use services on the host computer from inside the container, the host appears as the gateway IP, i.e. 172.16.ZZ.1; connect to the host at that address. Connections from the host to the container will appear to come from that address, too.
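As an added example (not part of the original post), a small Python helper that generates both stanzas for a given ZZ, lints a container stanza for the pointopoint misspelling the post warns about, and checks `ip route show` output to confirm the container's /32 really sits on its own bridge (otherwise per-bridge firewalling does not apply to it). The 11.22.33.x and 172.16.x.1 ranges are the post's placeholders.

```python
import ipaddress
import re

def addresses(zz: int):
    """Map container number ZZ to (container IP, host p2p IP, bridge name)."""
    if not 1 <= zz <= 254:
        raise ValueError("ZZ must be a usable last octet, 1-254")
    return (ipaddress.ip_address(f"11.22.33.{zz}"),   # placeholder public range
            ipaddress.ip_address(f"172.16.{zz}.1"),   # placeholder p2p range
            f"br{zz}")

def host_stanza(zz: int) -> str:
    """Host /etc/network/interfaces stanza: one port-less bridge per container
    plus a /32 host route that points at exactly that bridge."""
    cip, hip, br = addresses(zz)
    return "\n".join([
        f"auto {br}", f"iface {br} inet static", f"    address {hip}",
        "    bridge_ports none", "    bridge_fd 0", "    bridge_maxwait 0",
        f"    post-up ip route add {cip}/32 dev {br}"])

def container_stanza(zz: int) -> str:
    """Container stanza: public address with the host's p2p address as peer and gateway."""
    cip, hip, _ = addresses(zz)
    return "\n".join([
        "auto eth0", "iface eth0 inet static", f"    address {cip}",
        f"    pointopoint {hip}", f"    gateway {hip}"])

def lint_container_stanza(text: str) -> list:
    """Flag the 'pointtopoint' misspelling (ifupdown accepts unknown options
    without complaint, so it fails silently) and a missing pointopoint line."""
    problems = []
    if re.search(r"^\s*pointtopoint\b", text, re.M):
        problems.append("'pointtopoint' is misspelled; the option is 'pointopoint'")
    if not re.search(r"^\s*pointopoint\b", text, re.M):
        problems.append("no pointopoint line: the gateway would not be on-link")
    return problems

ROUTE_RE = re.compile(r"^(\S+)\s+dev\s+(\S+)")

def route_on_own_bridge(zz: int, ip_route_output: str) -> bool:
    """From `ip route show` output, verify the container's /32 is on its own bridge."""
    cip, _, br = addresses(zz)
    for line in ip_route_output.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m and m.group(1) in (str(cip), f"{cip}/32"):
            return m.group(2) == br
    return False
```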