[Lxc-users] Mixing public and private IPs for guests - network configuration?

David Michard dmichard+lxc at gmail.com
Sat May 21 23:13:09 UTC 2011


Hello,

Disclaimer: this question may seem simple to all virtualization
wizards, although I have read _many_ LXC (and other virtualization
technologies) tutorials, none of them provide a description of the
technical setting required.

Context:
I rent a dedicated server from OVH, which is provided with 3 IP
addresses: PUB1, PUB2 and PUB3.
PUB1 is associated with a subnet and a gateway, but PUB2 and PUB3 are
provided without such information. I was just informed that these 2 IPs
are routed to PUB1, without the need to set up additional network
configuration, except of course for the IP aliases (eth0:0 and
eth0:1). These 2 additional IP addresses have no associated gateway or
netmask (unless /32)...

Problem:
2 LXC guests (LXC_PUB2 and LXC_PUB3) can connect to the internet if I
assign them PUB2 and PUB3 and create a bridge on eth0, which is using
PUB1 for the host.
When I try to access the SSH server hosted on LXC_PUB2 or LXC_PUB3
from another computer, I see the authentication prompt of the host,
not of the guests. It is not possible to access the guests from the
outside.
It is not possible to access the guests from the host (other than
using lxc-console).

Requirement:
The host (Linux / Debian Squeeze) will host many LXC guests. Some of
them will have dedicated public IP addresses (from various subnets),
others will be "private" guests using private (non routable) IP
addresses, for development and UAT.
All packets sent from the internet to PUB1 should be directed to ports
opened on the host.
All packets sent from the internet to PUB2 should be directed to LXC_PUB2.
All packets sent from the internet to PUB3 should be directed to LXC_PUB3.
LXC_PUB2 and LXC_PUB3 should be able to communicate between each other.
LXC_PUB2 and LXC_PUB3 should be able to communicate with the other
local guests using non routable IP addresses.
The host should be able to communicate with both "public" and "private" guests.

Question:
My question is: which network setup would be appropriate? Bridge only
seems limited as guests cannot be seen from the outside.
I reckon I am quite lost between the bridge configuration, TUN/TAP and
the fact that I have no gateway+netmask for PUB2 and PUB3, and that I
therefore cannot input valid information into the config file of the
LXC (and inside the guest, the network configuration is incorrect as
well). Iptables + NATing will be required for guests using private
IPs, will this be necessary for LXC_PUB2 and LXC_PUB3 as well?
Many online tutorials use DHCP and/or private IP addresses for guests.
I need a mix of private and public IP addresses... with public IP on
different subnets...

Any pointer would be very appreciated (although as I have mentioned I
must have read dozens of blogs, articles, posts from this mailing-list
without finding an appropriate solution).

Best regards,
David



