Comment 21 for bug 1367495

Okay. FYI I went ahead and defined my own bridge to let containers communicate directly with my router's dhcp server, but I've created and started a new privileged container `pr1` and made sure it uses `lxcbr0` and not my `br0`. Still, it's possible I'll have to tell `lxcbr0` to plug into `br0` rather than `eth0`, as `eth0` doesn't get an IP anymore on my machine, and if so I'll need some help doing that. Anyhow:

From within container `pr1`:
root@pr1:/# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
root@pr1:/# ifconfig -a
    eth0 Link encap:Ethernet HWaddr 00:16:3e:b2:93:2b
              inet6 addr: fe80::216:3eff:feb2:932b/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
              RX packets:10 errors:0 dropped:0 overruns:0 frame:0
              TX packets:30 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:1177 (1.1 KB) TX bytes:7656 (7.6 KB)

    lo Link encap:Local Loopback
              inet addr:127.0.0.1 Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING MTU:65536 Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
    root@pr1:/# cat /etc/
    cat: /etc/: Is a directory

But then after following your other directions:
    root@pr1:/# ifconfig eth0 10.0.3.10 netmask 255.255.255.0
    root@pr1:/# sudo route add -net default dev eth0
    root@pr1:/# ping 10.0.3.1
    PING 10.0.3.1 (10.0.3.1) 56(84) bytes of data.
    64 bytes from 10.0.3.1: icmp_seq=1 ttl=64 time=0.102 ms
    64 bytes from 10.0.3.1: icmp_seq=2 ttl=64 time=0.032 ms
    64 bytes from 10.0.3.1: icmp_seq=3 ttl=64 time=0.049 ms

Even better, if instead I do
    root@pr1:/# sudo route add -host 10.0.3.1 dev eth0
    root@pr1:/# route add -net default gw 10.0.3.1 dev eth0
then I can now ping to my LAN from within the container, and also ping out to 8.8.8.8. At this point I have:
    root@pr1:/# netstat -rn
    Kernel IP routing table
    Destination Gateway Genmask Flags MSS Window irtt Iface
    0.0.0.0 10.0.3.1 0.0.0.0 UG 0 0 0 eth0
    10.0.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
    10.0.3.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
    root@pr1:/# ifconfig -a
    eth0 Link encap:Ethernet HWaddr 00:16:3e:b2:93:2b
              inet addr:10.0.3.10 Bcast:10.0.3.255 Mask:255.255.255.0
              inet6 addr: fe80::216:3eff:feb2:932b/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
              RX packets:30 errors:0 dropped:0 overruns:0 frame:0
              TX packets:80 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:3579 (3.5 KB) TX bytes:19728 (19.7 KB)
    lo Link encap:Local Loopback
              inet addr:127.0.0.1 Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING MTU:65536 Metric:1
              RX packets:51 errors:0 dropped:0 overruns:0 frame:0
              TX packets:51 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:3792 (3.7 KB) TX bytes:3792 (3.7 KB)

However, and BTW this is a problem I still have on the unprivileged container using `br0` as well, I can't resolve DNS from within the container. It returns `ping: unknown host www.google.com` immediately.

Finally, on my host I get:
    root@srv-Ub1404:~# ps -ef | grep dnsmasq
    lxc-dns+ 11309 1 0 Jan15 ? 00:00:00 dnsmasq -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=/run/lxc/dnsmasq.pid --conf-file= --listen-address 10.0.3.1 --dhcp-range 10.0.1.2,10.0.1.254 --dhcp-lease-max=253 --dhcp-no-override --except-interface=lo --interface=lxcbr0 --dhcp-leasefile=/var/lib/misc/dnsmasq.lxcbr0.leases --dhcp-authoritative
    root 13063 13052 0 00:01 pts/2 00:00:00 grep --color=auto dnsmasq