FreedomBox on LXC

Prerequisites - Set up LXC on your Linux System

  • Underprivileged LXC has been set up, with user mappings, network mappings
Templates for LXC can be found here:

How To Steps include:
- Download Template (Debian unstable in this example)
- Configure Freedombox on LXC container
- Set up a static IP to make port forwarding easy
- Enable port forwarding


> lxc-create --name debunstable-freedombox -t download            

Interactive added these options when prompted:

(should download image)

> systemd-run --unit=myshell --user --scope -p "Delegate=yes" lxc-start debunstable-freedombox  --logfile $HOME/lxc_freedombox.log --logpriority DEBUG

> lxc-ls --fancy
confirm running ->

debunstable-freedombox RUNNING 0         - -    true         

attach to instance:

lxc-attach --name  debunstable-freedombox
root@debunstable-freedombox:/# apt update
root@debunstable-freedombox:/# DEBIAN_FRONTEND=noninteractive apt install snapd freedombox systemd syslog-ng mariadb-server -y
root@debunstable-freedombox:/# vi /etc/network/interfaces

You can use the following commands to help you find gateway and ip address:

# ip addr
# ip route

Replace auto eth0 dhcp with this:

yours will be specific to your network

auto eth0
  iface eth0 inet static

root@debunstable-freedombox:/# systemctl restart networking.service

root@debunstable-freedombox:/#  echo nameserver > /etc/resolv.conf
replace with your favorite name server 

root@debunstable-freedombox:/#  exit
root@host> iptables -t nat -A POSTROUTING -s -o $WAN -j MASQUERADE

# Don't forget to forward your ports
root@host> echo 1 > /proc/sys/net/ipv4/ip_forward
root@host> iptables -t nat -A PREROUTING -i $WAN -p tcp --dport 6677 -j DNAT --to

Log in and follow the instructions including getting the secret key
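
The host-side forwarding steps above as a dry run that validates its inputs and prints the commands instead of applying them. This is an added example, not code from the original post; the interface eth0, the container address 10.0.3.50 and the container port 443 are assumed placeholder values, and only port 6677 comes from the post.

```shell
#!/bin/sh
# Added example: prints (never runs) host NAT rules for ONE forwarded port.
# Everything is validated first so a stray value cannot turn into extra
# iptables arguments or a wider-than-intended rule.

valid_iface() {   # Linux interface names: at most 15 chars, no whitespace
  case $1 in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
  [ ${#1} -le 15 ]
}

valid_port() {    # 1..65535, no leading zeros
  case $1 in ''|*[!0-9]*|0*) return 1 ;; esac
  [ ${#1} -le 5 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {    # strict dotted quad; leading zeros rejected (octal ambiguity)
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case $o in 0?*) return 1 ;; esac
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
  return 0
}

# nat_rules WAN_IF CONTAINER_IP HOST_PORT CONTAINER_PORT
nat_rules() {
  wan=$1; ct=$2; hport=$3; cport=$4
  valid_iface "$wan" || { echo "bad interface: $wan" >&2; return 2; }
  valid_ipv4 "$ct"   || { echo "bad container IP: $ct" >&2; return 2; }
  valid_port "$hport" && valid_port "$cport" || { echo "bad port" >&2; return 2; }
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $wan -p tcp --dport $hport -j DNAT --to-destination $ct:$cport
iptables -A FORWARD -i $wan -d $ct -p tcp --dport $cport -j ACCEPT
iptables -t nat -A POSTROUTING -s $ct/32 -o $wan -j MASQUERADE
EOF
}

# Constructed sample values (assumptions); 6677 is the port used in the post.
nat_rules eth0 10.0.3.50 6677 443
```

The FORWARD rule only has an effect when the host's FORWARD policy is DROP; with the default ACCEPT policy the DNAT rule alone already exposes the port.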

I think it’s better, and possibly also easier to use a bridge configuration.
(Freedombox being separately connected to the network, so no additional port forwarding on the host, and not introducing to send every new internet request into google nameserver logs.) also has more detailed info to set up lxc than in Installing Yunohost in unprivileged LXC on Debian before installing freedombox (FreedomBox/Hardware/Debian - Debian Wiki).

Oops, there is also some experience in a section ** Misc : installing Freedombox in a LXC ** in:

I’m not a fan of bridge…
I like it completely segregated with a firewall in case I open any services to public… I think you can lock it down more, no?

Don’t you have a firewall/router in front of the host, anyway? Using a bridge and separate IPs allows to use a single dhcp server, and use default ports (like http ports 80 and 443) to all the IPs without conflicts (at least locally if behind a NAT).

But it could be that the iptables that the freedombox usually manages locally don’t work in an LXC container?

If needed it may still be possible to configure some bridge based packet filtering on the host.

It really depends on your setup. I have several docker instances on this instance. Many services, some being proxies to other ports.
For my setup it works well if ppl only require an easier setup :slight_smile: