oops... now that you mention it...... maybe all might work with opkg in a stable release.... you can move ahead without them just be aware if you start seeing "tun" in configs or "ip link add vethXYZ" and they don't work..... those packages will be related....
Here is a script / set of commands that are most of what your trying to do... from a manual side.... it's not fully tested - polished - coherent... may come back and beef it up...
As it is, you can use it to start a manual dnsmasq after editing the top variables to valid settings ( ip assignment probably on lxcbr0 or similar ) better to use lxc built in dnsmasq but this should be useful for testing and understanding the fundamentals.
listenaddr="172.19.91.1"
listenmask="255.255.255.0"
ipstart="172.19.91.101"
ipend="172.19.91.103"
maxlease="2" # number of ips total to lease
masqiface="br1"
runmasqy() {
#this bit is unfinished
#brctl addbr $masqiface
#ifconfig br1 $listenaddr netmask $listenmask up
dnsmasq \
--strict-order --bind-interfaces \
--pid-file=/run/lxc/dnsmasq.pid --listen-address $listenaddr \
--dhcp-range $ipstart,$ipend \
--dhcp-lease-max=$maxlease \
--dhcp-no-override \
--except-interface=lo \
--interface=$masqiface \
--dhcp-leasefile=/tmp/dnsmasq.$masqiface.leases \
--dhcp-authoritative &
}
rpfiltoff() {
for rp_filter_file in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo 0 > "$rp_filter_file";
done
}
#rpfiltoff
#ip link set br1 promisc on #probs not needed
#echo 1 > /proc/sys/net/ipv4/ip_forward #probs needed
#iptables -t nat -A POSTROUTING -o br-lan -s 172.16.91.0/24 -j MASQUERADE
# similar will be needed to nat the "lxc iprange" to a lan ip if you expect LAN hosts need access otherwise you need complex routing....
runmasqy
ps w | grep dnsmasq
netstat -tap #i prefer lsof -i -nP but you guessed it, needs compiling )
At least 80% of this is doable through the gui.... after all that br-make action! lol.... but i think its kinda necessary first time round and for trouble shooting to get to grips with the nuts and bolts.....