How do I set up WAN and LAN NICs for an OpenWrt home router running in a container?

Hi everyone,
I'm looking for help setting up my network securely. I bought a compact box from AliExpress to run Proxmox with OpenWrt and a few other VMs. My goal is to create a Proxmox cluster with my existing homelab server and add a third node for high availability with my router.

I plan to dedicate one physical NIC as the WAN port for my ISP, passing it through exclusively to the OpenWrt LXC container to keep it isolated. The other three NICs would act as a dumb switch.

Should I create a virtual bridge on the host for the WAN NIC without an IP address and then assign that bridge to the OpenWrt container? That feels insecure. For the other three NICs, should I put them all in a bridge and pass one "vbrLAN" interface to OpenWrt? Additionally, how should I configure the router and IP address settings to enhance security? If you have any suggestions, please share them with me, don't hesitate.

you can. or just pass the wan nic directly.
see here: https://linuxcontainers.org/lxc/manpages//man5/lxc.container.conf.5.html
phys: an already existing interface specified by the lxc.net.[i].link is assigned to the container.

it's acceptable

you can. I think here though the OpenWrt container should tap into vbrLAN instead of you passing vbrLAN into the container.

OpenWrt default fw policy is fine.
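
The two options discussed above, written out in `lxc.container.conf` syntax as an added example that is not part of the original posts. The host NIC name `enp1s0`, the in-container names `eth0`/`eth1`, and the assumption that `vbrLAN` is a host bridge already holding the three LAN NICs are all hypothetical; substitute your own.

```ini
# --- WAN: physical passthrough (the "phys" type quoted from the man page) ---
# The existing host interface named in lxc.net.0.link is moved into the
# container's network namespace. While the container runs, the host no
# longer has this NIC, so ISP-facing traffic never touches a host bridge.
lxc.net.0.type  = phys
lxc.net.0.link  = enp1s0      # assumed host name of the WAN NIC
lxc.net.0.name  = eth0        # name OpenWrt sees; assign it to the wan zone
lxc.net.0.flags = up

# --- LAN: the container taps into the host bridge with a veth pair ---
# vbrLAN itself stays on the host (assumed to bridge the three LAN NICs);
# only one end of a veth pair is placed in the container and the other
# end is attached to vbrLAN.
lxc.net.1.type  = veth
lxc.net.1.link  = vbrLAN      # bridge name taken from the question
lxc.net.1.name  = eth1        # name OpenWrt sees; assign it to the lan zone
lxc.net.1.flags = up

# --- Alternative for WAN: bridge with no host IP (the first option asked about) ---
# Use this instead of the phys block above, not together with it.
# "vbrWAN" is a hypothetical host bridge containing only the WAN NIC and
# configured without an address on the host.
# lxc.net.0.type  = veth
# lxc.net.0.link  = vbrWAN
# lxc.net.0.name  = eth0
# lxc.net.0.flags = up
```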