The reason why I’m looking into using HestiaCP behind NAT rather than just assign a real IP, is because LXC / Proxmox uses the Linux kernel “macvlan” method to do it.
This means that LXC containers with macvlan can’t talk to the host or other CTs on the lxd bridge used for CT NAT.
This might be the reason for the problem described here (if the systems involved are on the same physical Proxmox host|):
It is caused because “Proxmox” returns: web01 instead web01.domain.com when running exec(‘hostname’); It is also present on systems that use a “public” ip for the LXC container
The main issue is probally incoming mail (I have no idea to to sort it without a proxy infront).
But if I used “macvlan” to assign a real IP to the HestiaCP CT, it means that that the HestiaCP CT will be unable to communicate with the other LXC CTs or VMs on same host (Proxmox or LXD), I decided to revert it back to NAT (note: haven’t done the change from real-ip-macvlan to NAT yet, I’ll take this opportunity to install a new Debian 11 CT)
@eris off-topic but I suspect that a lot of people (if using a bigger ISP like Hetzner or Google / Cloudflare etc as their DNS forwarder) will have problems these days with HestiaCP rejecting incoming email due to SpamHaus changes.