LXC uses bridges for communication between the host and its containers. To avoid losing IP addresses to the network, gateway and broadcast addresses, you need to set up your containers using the pointopoint option (not pointtopoint!!!). To be able to firewall your containers' communication from the host, you will need to set up one bridge per virtual host.
Here is a working setup:
Your containers have IP addresses in the form of 11.22.33.ZZ .
You use a private point-to-point subnet in the form 172.16.ZZ.1 .
On the host:
iface brZZ inet static
    post-up ip route add 11.22.33.ZZ/32 dev brZZ
The LXC container configuration contains the following:
lxc.utsname = hostname
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = brZZ
lxc.network.name = eth0
On the container:
iface eth0 inet static
If you want to use services on the host computer, it will appear as the gateway IP, i.e. 172.16.ZZ.1 . Connect to the host computer with that IP address. Connections from the host will appear as coming from that IP address, too.
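A consistency check for the layout described above, as an added example that is not part of the original page: it flags containers that share a bridge (which the host could then not firewall separately) and the pointtopoint misspelling. The function names, the container names and the sample addresses (ZZ = 5 and 6, with a /32 netmask) are constructed for illustration.

```python
def parse_lxc(text):
    """Return key -> value for the 'key = value' lines of an LXC config."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {k.strip(): v.strip() for k, v in pairs}

def parse_iface(text, name):
    """Return option -> value for the 'iface <name>' stanza of an interfaces file."""
    opts, inside = {}, False
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] in ("iface", "auto", "mapping", "source") or words[0].startswith("allow-"):
            # A new stanza starts; options only count inside 'iface <name>'.
            inside = words[0] == "iface" and len(words) > 1 and words[1] == name
        elif inside:
            opts[words[0]] = " ".join(words[1:])
    return opts

def audit(containers):
    """containers: name -> (LXC config text, container interfaces text)."""
    findings, bridge_owner = [], {}
    for name, (lxc_text, ifaces_text) in sorted(containers.items()):
        lxc = parse_lxc(lxc_text)
        if lxc.get("lxc.network.type") != "veth":
            findings.append(f"{name}: lxc.network.type is not veth")
        bridge = lxc.get("lxc.network.link", "")
        if not bridge:
            findings.append(f"{name}: no lxc.network.link set")
        elif bridge in bridge_owner:
            findings.append(f"{name}: shares bridge {bridge} with {bridge_owner[bridge]}")
        else:
            bridge_owner[bridge] = name
        eth0 = parse_iface(ifaces_text, lxc.get("lxc.network.name", "eth0"))
        if "pointtopoint" in eth0:
            findings.append(f"{name}: 'pointtopoint' is misspelled, the option is 'pointopoint'")
        elif "pointopoint" not in eth0:
            findings.append(f"{name}: no pointopoint option on the container interface")
    return findings

# Constructed sample input: 'db' reuses br5 and misspells the option.
LXC = ("lxc.utsname = {0}\nlxc.network.type = veth\nlxc.network.flags = up\n"
       "lxc.network.link = {1}\nlxc.network.name = eth0\n")
IFACE = ("iface eth0 inet static\n    address 11.22.33.{0}\n"
         "    netmask 255.255.255.255\n    {1} 172.16.{0}.1\n")
SAMPLE = {"web": (LXC.format("web", "br5"), IFACE.format(5, "pointopoint")),
          "db": (LXC.format("db", "br5"), IFACE.format(6, "pointtopoint"))}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```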