diff --git a/docs/index.md b/docs/index.md
index 70ada7e..f292152 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -3,6 +3,7 @@
 Obviously, the commit history will reflect the time when these documents are written.
 
 * [Serve And Share Apps From Your Phone With Fdroid](serve_and_share_apps_from_your_phone_with_fdroid.md)
+* [LXD Container Home Server Networking For Dummies](lxd_container_home_server_networking_for_dummies.md)
 * [Nspawn Containers](nspawn.md)
 * [Mastodon on Arch](mastodon_on_arch.md)
 * [Debian Nspawn Container On Arch For Testing Apache Configurations](debian_nspawn_container_on_arch_for_testing_apache_configurations.md)
diff --git a/docs/lxd_container_home_server_networking_for_dummies.md b/docs/lxd_container_home_server_networking_for_dummies.md
new file mode 100644
index 0000000..209a810
--- /dev/null
+++ b/docs/lxd_container_home_server_networking_for_dummies.md
@@ -0,0 +1,351 @@
+# LXD Container Home Server Networking For Dummies
+
+## Why?
+If you're going to operate a fleet of LXD containers for home
+entertainment, you probably want some of them exposed with their
+own ip addresses on your home network, so that you can use them
+as containerized servers for various applications.
+
+Others containers, you might want to be inaccessable from the lan,
+in a natted subnet, where they can solicit connections to the
+outside world from within their natted subnet, but are not addressable
+from the outside. A database server that you connect a web app to, for
+instance, or a web app that you have a reverse proxy in front of.
+
+But these are two separate address spaces, so ideally all of the containers
+would have a second interface of their own, by which they could connect
+to a third network, that would be a private network that all of the containers
+can use to talk directly to each other (or the host machine).
+
+It's pretty straightforward, you just have to glue all the pieces together.
+
+## Three Part Overview.
+
+1. Define and create some bridges.  
+
+2. Define profiles that combine the network
+interfaces in different combinations. In addition to two
+bridges you will have a macvlan with which to expose the containers
+that you want exposed, but the macvlan doesn't come into
+play until here in step two when you define profiles.  
+
+3. Assign each container which profile it should use,
+and then configure the containers to use the included
+network interfaces correctly.  
+
+## Build Sum Moar Bridges
+
+The containers will all have two network interfaces from
+their own internal point of view, *eth0* and *eth1*. 
+
+In this
+scheme we create a bridge for a natted subnet and a bridge for
+a non-natted subnet. All of the containers will connect to the
+non-natted subnet on their second interface, *eth1*, and some
+of the containers will connect to the natted subnet on their 
+first interface *eth0*. The containers that don't connect
+to the natted subnet will instead connect to a macvlan
+on their first interface *eth0*, but that isn't part of this
+step.
+
+### bridge for a natted subnet
+
+If you haven't used lxd before, you'll want to run the command `lxd init`.
+By default this creates exactly the bridge we want, called *lxdbr0*.
+
+Otherwise you would use the following command to create *lxdbr0*.
+
+```bash
+lxc network create lxdbr0
+```
+
+To generate a table of all the existing interfaces.
+
+```bash
+lxd network list
+```
+
+This bridge is for our natted subnet, so we just want to go with
+the default configuration.
+
+```bash
+lxc network show lxdbr0
+```
+
+This cats a yaml file where you can see the randomly
+generated network for *lxdbr0*.
+
+```yaml
+config:
+  ipv4.address: 10.99.153.1/24
+  ipv4.nat: "true"
+  ipv6.address: fd42:211e:e008:954b::1/64
+  ipv6.nat: "true"
+description: ""
+name: lxdbr0
+type: bridge
+used_by: []
+managed: true
+```
+
+### bridge for a non-natted subnet
+
+Create *lxdbr1*
+
+```bash
+lxc network create lxdbr1
+```
+
+Use the following commands to remove nat from 
+lxdbr1.
+
+```bash
+lxc network set lxdbr1 ipv4.nat false
+lxc network set lxdbr1 ipv6.nat false
+```
+
+Of if you use this next command, your favourite
+text editor will pop open, preloaded with the complete yaml file
+and you can edit the configuration there.
+
+```bash
+lxc network edit lxdbr1
+```
+
+Either way you're looking for a result such as the following.
+Notice that the randomly generated address space is different
+that the one for *lxdbr0*, and that the *nat keys are set
+to "false".
+
+```yaml
+config:
+  ipv4.address: 10.151.18.1/24
+  ipv4.nat: "false"
+  ipv6.address: fd42:89d4:f465:1b20::1/64
+  ipv6.nat: "false"
+description: ""
+name: lxdbr1
+type: bridge
+used_by: []
+managed: true
+```
+
+## Profiles
+
+### recycle the default
+When you first ran `lxd init`, that created a default profile.
+Confirm with the following.
+
+```bash
+lxc profile list
+```
+
+To see what the default profile looks like.
+
+```bash
+lxc profile show default
+```
+
+```yaml
+config:
+  environment.http_proxy: ""
+  security.privileged: "true"
+  user.network_mode: ""
+description: Default LXD profile
+devices:
+  eth0:
+    nictype: bridged
+    parent: lxdbr0
+    type: nic
+  root:
+    path: /
+    pool: default
+    type: disk
+name: default
+used_by: []
+```
+
+### profile the natted
+
+The easiest way to create a new profile is start by copying another one.
+
+```bash
+lxc profile copy default natted
+```
+
+edit the new *natted* profile
+
+```bash
+lxc profile edit natted
+```
+
+And add an *eth1* interface attached to *lxdbr1*. *eth0* and *eth1* will
+be the interfaces visible from the container's point of view.
+
+```yaml
+config:
+  environment.http_proxy: ""
+  security.privileged: "true"
+  user.network_mode: ""
+description: Natted LXD profile
+devices:
+  eth0:
+    nictype: bridged
+    parent: lxdbr0
+    type: nic
+  eth1:
+    nictype: bridged
+    parent: lxdbr1
+    type: nic
+  root:
+    path: /
+    pool: default
+    type: disk
+name: natted
+used_by: []
+```
+
+Any container assigned to the *natted* profile, will have an interface *eth0* connected
+to a natted subnet, and a second interface *eth1* connected to a non-natted subnet, with
+a static ip on which it will be able to talk directly to the other containers and the host
+machine.
+
+### profile the exposed
+
+Create the *exposed* profile
+
+```bash
+lxc profile copy natted exposed
+```
+
+and edit the new *exposed* profile
+
+```bash
+lxc profile edit exposed
+```
+
+change the nictype for *eth0* from `bridged` to `macvlan`, and the parent should be
+the name of the physical ethernet connection on the host machine, instead of a bridge.
+
+```yaml
+config:
+  environment.http_proxy: ""
+  security.privileged: "true"
+  user.network_mode: ""
+description: Exposed LXD profile
+devices:
+  eth0:
+    nictype: macvlan
+    parent: eno1
+    type: nic
+  eth1:
+    nictype: bridged
+    parent: lxdbr1
+    type: nic
+  root:
+    path: /
+    pool: default
+    type: disk
+name: exposed
+used_by: []
+```
+
+Any container assigned to the *exposed* profile, will have an interface *eth0* connected
+to a macvlan, addressable from your lan, just like any other arbitrary computer on
+your home network, and a second interface *eth1* connected to a non-natted subnet, with
+a static ip on which it will be able to talk directly to the other containers and the host
+machine.
+
+## Assign Containers to Profiles and configure them to connect correctly.
+
+There are a lot of different ways that a Linux instance can solicit network services. So for
+now I will just describe a method that will work here for a lxc container from ubuntu:16.04, as
+well as a debian stretch container from images.linuxcontainers.org.
+
+Start a new container and assign the profile. We'll use an arbitrary whimsical container name,
+*quick-joey*. This process is the same for either the *natted* profile or the *exposed* profile.
+
+```bash
+lxc init ubuntu:16.04 quick-joey
+# assign the profile
+lxc profile assign quick-joey exposed
+# start quick-joey
+lxc start quick-joey
+# and start a bash shell
+lxc exec quick-joey bash
+```
+
+You need to tell these containers how to connect to the non-natted subnet on *eth1*
+With either an ubuntu:16.04 container, or a debian stretch container, for either the *natted* or
+*exposed* profile, because of all the above configuration work they will automatically connect on
+their *eth0* interfaces and be able to talk to the internet. You need to edit `/etc/network/interfaces`,
+the main difference being what that file looks like before you edit it.
+
+### ubuntu:16.04
+
+If you start a shell on an ubuntu:16.04 container, you see that `/etc/network/interfaces`
+describes the loopback device for localhost, then sources `/etc/network/interfaces.d/*.cfg` where
+some magical cloud-config jazz is going on. You just want to add a static ip description for *eth1*
+to the file `/etc/network/interfaces`. And obviously take that the static ip address you assign is
+unique and on the same subnet with *lxdbr1*.
+
+Reminder: the address for *lxdbr1* is 10.151.18.1/24, but it will be different on your machine.
+
+```conf
+auto lo
+iface lo inet loopback
+
+source /etc/network/interfaces.d/*.cfg
+# what you add goes below here
+auto eth1
+iface eth1 inet static
+   address 10.151.18.123
+   netmask 255.255.255.0
+   broadcast 255.255.255.255 
+   network 10.151.18.0
+```
+
+### debian stretch
+
+The configuration for a debian stretch container is the same, except the the file
+`/etc/network/interfaces` will also describe eth0, but you only have to add the 
+description for eth1.
+
+### the /etc/hosts file
+
+Once you assign the containers static ip addresses for their *eth1*
+interfaces, you can use the `/etc/hosts` file on each container to make them
+aware of where the other containers and the host machine are.
+
+For instance, if you want the container *quick-joey* to talk directly
+to the host machine, which will be at the ip address of *lxdbr1*, start a shell
+on the container *quick-joey*
+
+```bash
+lxc exec quick-joey bash
+```
+
+and edit `/etc/hosts`
+
+```conf
+# /etc/hosts
+10.151.18.1    mothership
+```
+
+Of you have a container named *fat-cinderella*, that needs to be able to talk
+directly *quick-joey*.
+
+```bash
+lxc exec fat-cinderella bash
+vim /etc/hosts
+```
+
+```conf
+# /etc/hosts
+10.151.18.123  quick-joey
+```
+
+etcetera
+
+
+
diff --git a/mkdocs.yml b/mkdocs.yml
index fe8bf69..0c2d65f 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -4,6 +4,7 @@ theme:    readthedocs
 
 pages:
     - 'Home': index.md
+    - 'LXD Container Home Server Networking For Dummies': lxd_container_home_server_networking_for_dummies.md
     - 'Serve And Share Apps From Your Phone With Fdroid': serve_and_share_apps_from_your_phone_with_fdroid.md
     - 'Nspawn': nspawn.md
     - 'Mastodon on Arch': mastodon_on_arch.md
diff --git a/site/arch_postgresql_nspawn/index.html b/site/arch_postgresql_nspawn/index.html
index 9a4d458..4b3f194 100644
--- a/site/arch_postgresql_nspawn/index.html
+++ b/site/arch_postgresql_nspawn/index.html
@@ -54,6 +54,11 @@
           
             <li class="toctree-l1">
 		
+    <a class="" href="../lxd_container_home_server_networking_for_dummies/">LXD Container Home Server Networking For Dummies</a>
+	    </li>
+          
+            <li class="toctree-l1">
+		
     <a class="" href="../serve_and_share_apps_from_your_phone_with_fdroid/">Serve And Share Apps From Your Phone With Fdroid</a>
 	    </li>
           
diff --git a/site/arch_redis_nspawn/index.html b/site/arch_redis_nspawn/index.html
index b45bd01..fb5d0fe 100644
--- a/site/arch_redis_nspawn/index.html
+++ b/site/arch_redis_nspawn/index.html
@@ -54,6 +54,11 @@
           
             <li class="toctree-l1">
 		
+    <a class="" href="../lxd_container_home_server_networking_for_dummies/">LXD Container Home Server Networking For Dummies</a>
+	    </li>
+          
+            <li class="toctree-l1">
+		
     <a class="" href="../serve_and_share_apps_from_your_phone_with_fdroid/">Serve And Share Apps From Your Phone With Fdroid</a>
 	    </li>
           
diff --git a/site/debian_nspawn_container_on_arch_for_testing_apache_configurations/index.html b/site/debian_nspawn_container_on_arch_for_testing_apache_configurations/index.html
index 137946d..5c0aa65 100644
--- a/site/debian_nspawn_container_on_arch_for_testing_apache_configurations/index.html
+++ b/site/debian_nspawn_container_on_arch_for_testing_apache_configurations/index.html
@@ -54,6 +54,11 @@
           
             <li class="toctree-l1">
 		
+    <a class="" href="../lxd_container_home_server_networking_for_dummies/">LXD Container Home Server Networking For Dummies</a>
+	    </li>
+          
+            <li class="toctree-l1">
+		
     <a class="" href="../serve_and_share_apps_from_your_phone_with_fdroid/">Serve And Share Apps From Your Phone With Fdroid</a>
 	    </li>
           
diff --git a/site/dynamic_cacheing_nginx_reverse_proxy_for_pacman/index.html b/site/dynamic_cacheing_nginx_reverse_proxy_for_pacman/index.html
index 5186be5..39d3aca 100644
--- a/site/dynamic_cacheing_nginx_reverse_proxy_for_pacman/index.html
+++ b/site/dynamic_cacheing_nginx_reverse_proxy_for_pacman/index.html
@@ -54,6 +54,11 @@
           
             <li class="toctree-l1">
 		
+    <a class="" href="../lxd_container_home_server_networking_for_dummies/">LXD Container Home Server Networking For Dummies</a>
+	    </li>
+          
+            <li class="toctree-l1">
+		
     <a class="" href="../serve_and_share_apps_from_your_phone_with_fdroid/">Serve And Share Apps From Your Phone With Fdroid</a>
 	    </li>
           
diff --git a/site/freebsd_jails_on_freenas/index.html b/site/freebsd_jails_on_freenas/index.html
index fb615fd..cf5a7ad 100644
--- a/site/freebsd_jails_on_freenas/index.html
+++ b/site/freebsd_jails_on_freenas/index.html
@@ -54,6 +54,11 @@
           
             <li class="toctree-l1">
 		
+    <a class="" href="../lxd_container_home_server_networking_for_dummies/">LXD Container Home Server Networking For Dummies</a>
+	    </li>
+          
+            <li class="toctree-l1">
+		
     <a class="" href="../serve_and_share_apps_from_your_phone_with_fdroid/">Serve And Share Apps From Your Phone With Fdroid</a>
 	    </li>
           
diff --git a/site/index.html b/site/index.html
index cf9cbff..c3b3b06 100644
--- a/site/index.html
+++ b/site/index.html
@@ -66,6 +66,11 @@
           
             <li class="toctree-l1">
 		
+    <a class="" href="lxd_container_home_server_networking_for_dummies/">LXD Container Home Server Networking For Dummies</a>
+	    </li>
+          
+            <li class="toctree-l1">
+		
     <a class="" href="serve_and_share_apps_from_your_phone_with_fdroid/">Serve And Share Apps From Your Phone With Fdroid</a>
 	    </li>
           
@@ -146,6 +151,7 @@
 <p>Obviously, the commit history will reflect the time when these documents are written.</p>
 <ul>
 <li><a href="serve_and_share_apps_from_your_phone_with_fdroid/">Serve And Share Apps From Your Phone With Fdroid</a></li>
+<li><a href="lxd_container_home_server_networking_for_dummies/">LXD Container Home Server Networking For Dummies</a></li>
 <li><a href="nspawn/">Nspawn Containers</a></li>
 <li><a href="mastodon_on_arch/">Mastodon on Arch</a></li>
 <li><a href="debian_nspawn_container_on_arch_for_testing_apache_configurations/">Debian Nspawn Container On Arch For Testing Apache Configurations</a></li>
@@ -165,7 +171,7 @@
   
     <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
       
-        <a href="serve_and_share_apps_from_your_phone_with_fdroid/" class="btn btn-neutral float-right" title="Serve And Share Apps From Your Phone With Fdroid">Next <span class="icon icon-circle-arrow-right"></span></a>
+        <a href="lxd_container_home_server_networking_for_dummies/" class="btn btn-neutral float-right" title="LXD Container Home Server Networking For Dummies">Next <span class="icon icon-circle-arrow-right"></span></a>
       
       
     </div>
@@ -193,7 +199,7 @@
       
       
       
-        <span style="margin-left: 15px"><a href="serve_and_share_apps_from_your_phone_with_fdroid/" style="color: #fcfcfc">Next &raquo;</a></span>
+        <span style="margin-left: 15px"><a href="lxd_container_home_server_networking_for_dummies/" style="color: #fcfcfc">Next &raquo;</a></span>
       
     </span>
 </div>
@@ -204,5 +210,5 @@
 
 <!--
 MkDocs version : 0.16.3
-Build Date UTC : 2017-07-17 10:26:28
+Build Date UTC : 2017-07-21 14:04:03
 -->
diff --git a/site/lxd_container_home_server_networking_for_dummies/index.html b/site/lxd_container_home_server_networking_for_dummies/index.html
new file mode 100644
index 0000000..f547bc7
--- /dev/null
+++ b/site/lxd_container_home_server_networking_for_dummies/index.html
@@ -0,0 +1,486 @@
+<!DOCTYPE html>
+<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
+<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
+<head>
+  <meta charset="utf-8">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  
+  
+  <link rel="shortcut icon" href="../img/favicon.ico">
+  <title>LXD Container Home Server Networking For Dummies - Trent Docs</title>
+  <link href='https://fonts.googleapis.com/css?family=Lato:400,700|Roboto+Slab:400,700|Inconsolata:400,700' rel='stylesheet' type='text/css'>
+
+  <link rel="stylesheet" href="../css/theme.css" type="text/css" />
+  <link rel="stylesheet" href="../css/theme_extra.css" type="text/css" />
+  <link rel="stylesheet" href="../css/highlight.css">
+  
+  <script>
+    // Current page data
+    var mkdocs_page_name = "LXD Container Home Server Networking For Dummies";
+    var mkdocs_page_input_path = "lxd_container_home_server_networking_for_dummies.md";
+    var mkdocs_page_url = "/lxd_container_home_server_networking_for_dummies/";
+  </script>
+  
+  <script src="../js/jquery-2.1.1.min.js"></script>
+  <script src="../js/modernizr-2.8.3.min.js"></script>
+  <script type="text/javascript" src="../js/highlight.pack.js"></script> 
+  
+</head>
+
+<body class="wy-body-for-nav" role="document">
+
+  <div class="wy-grid-for-nav">
+
+    
+    <nav data-toggle="wy-nav-shift" class="wy-nav-side stickynav">
+      <div class="wy-side-nav-search">
+        <a href=".." class="icon icon-home"> Trent Docs</a>
+        <div role="search">
+  <form id ="rtd-search-form" class="wy-form" action="../search.html" method="get">
+    <input type="text" name="q" placeholder="Search docs" />
+  </form>
+</div>
+      </div>
+
+      <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
+	<ul class="current">
+	  
+          
+            <li class="toctree-l1">
+		
+    <a class="" href="..">Home</a>
+	    </li>
+          
+            <li class="toctree-l1 current">
+		
+    <a class="current" href="./">LXD Container Home Server Networking For Dummies</a>
+    <ul class="subnav">
+            
+    <li class="toctree-l2"><a href="#lxd-container-home-server-networking-for-dummies">LXD Container Home Server Networking For Dummies</a></li>
+    
+        <ul>
+        
+            <li><a class="toctree-l3" href="#why">Why?</a></li>
+        
+            <li><a class="toctree-l3" href="#three-part-overview">Three Part Overview.</a></li>
+        
+            <li><a class="toctree-l3" href="#build-sum-moar-bridges">Build Sum Moar Bridges</a></li>
+        
+            <li><a class="toctree-l3" href="#profiles">Profiles</a></li>
+        
+            <li><a class="toctree-l3" href="#assign-containers-to-profiles-and-configure-them-to-connect-correctly">Assign Containers to Profiles and configure them to connect correctly.</a></li>
+        
+        </ul>
+    
+
+    </ul>
+	    </li>
+          
+            <li class="toctree-l1">
+		
+    <a class="" href="../serve_and_share_apps_from_your_phone_with_fdroid/">Serve And Share Apps From Your Phone With Fdroid</a>
+	    </li>
+          
+            <li class="toctree-l1">
+		
+    <a class="" href="../nspawn/">Nspawn</a>
+	    </li>
+          
+            <li class="toctree-l1">
+		
+    <a class="" href="../mastodon_on_arch/">Mastodon on Arch</a>
+	    </li>
+          
+            <li class="toctree-l1">
+		
+    <a class="" href="../debian_nspawn_container_on_arch_for_testing_apache_configurations/">Debian Nspawn Container On Arch For Testing Apache Configurations</a>
+	    </li>
+          
+            <li class="toctree-l1">
+		
+    <a class="" href="../dynamic_cacheing_nginx_reverse_proxy_for_pacman/">Dynamic Cacheing Nginx Reverse Proxy For Pacman</a>
+	    </li>
+          
+            <li class="toctree-l1">
+		
+    <a class="" href="../freebsd_jails_on_freenas/">FreeBSD Jails on FreeNAS</a>
+	    </li>
+          
+            <li class="toctree-l1">
+		
+    <a class="" href="../arch_redis_nspawn/">Quick Dirty Redis Nspawn Container on Arch Linux</a>
+	    </li>
+          
+            <li class="toctree-l1">
+		
+    <a class="" href="../arch_postgresql_nspawn/">Quick Dirty Postgresql Nspawn Container on Arch Linux</a>
+	    </li>
+          
+            <li class="toctree-l1">
+		
+    <a class="" href="../self_signed_certs/">Self Signed Certs</a>
+	    </li>
+          
+        </ul>
+      </div>
+      &nbsp;
+    </nav>
+
+    <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
+
+      
+      <nav class="wy-nav-top" role="navigation" aria-label="top navigation">
+        <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
+        <a href="..">Trent Docs</a>
+      </nav>
+
+      
+      <div class="wy-nav-content">
+        <div class="rst-content">
+          <div role="navigation" aria-label="breadcrumbs navigation">
+  <ul class="wy-breadcrumbs">
+    <li><a href="..">Docs</a> &raquo;</li>
+    
+      
+    
+    <li>LXD Container Home Server Networking For Dummies</li>
+    <li class="wy-breadcrumbs-aside">
+      
+    </li>
+  </ul>
+  <hr/>
+</div>
+          <div role="main">
+            <div class="section">
+              
+                <h1 id="lxd-container-home-server-networking-for-dummies">LXD Container Home Server Networking For Dummies</h1>
+<h2 id="why">Why?</h2>
+<p>If you're going to operate a fleet of LXD containers for home
+entertainment, you probably want some of them exposed with their
+own ip addresses on your home network, so that you can use them
+as containerized servers for various applications.</p>
+<p>Others containers, you might want to be inaccessable from the lan,
+in a natted subnet, where they can solicit connections to the
+outside world from within their natted subnet, but are not addressable
+from the outside. A database server that you connect a web app to, for
+instance, or a web app that you have a reverse proxy in front of.</p>
+<p>But these are two separate address spaces, so ideally all of the containers
+would have a second interface of their own, by which they could connect
+to a third network, that would be a private network that all of the containers
+can use to talk directly to each other (or the host machine).</p>
+<p>It's pretty straightforward, you just have to glue all the pieces together.</p>
+<h2 id="three-part-overview">Three Part Overview.</h2>
+<ol>
+<li>
+<p>Define and create some bridges.  </p>
+</li>
+<li>
+<p>Define profiles that combine the network
+interfaces in different combinations. In addition to two
+bridges you will have a macvlan with which to expose the containers
+that you want exposed, but the macvlan doesn't come into
+play until here in step two when you define profiles.  </p>
+</li>
+<li>
+<p>Assign each container which profile it should use,
+and then configure the containers to use the included
+network interfaces correctly.  </p>
+</li>
+</ol>
+<h2 id="build-sum-moar-bridges">Build Sum Moar Bridges</h2>
+<p>The containers will all have two network interfaces from
+their own internal point of view, <em>eth0</em> and <em>eth1</em>. </p>
+<p>In this
+scheme we create a bridge for a natted subnet and a bridge for
+a non-natted subnet. All of the containers will connect to the
+non-natted subnet on their second interface, <em>eth1</em>, and some
+of the containers will connect to the natted subnet on their 
+first interface <em>eth0</em>. The containers that don't connect
+to the natted subnet will instead connect to a macvlan
+on their first interface <em>eth0</em>, but that isn't part of this
+step.</p>
+<h3 id="bridge-for-a-natted-subnet">bridge for a natted subnet</h3>
+<p>If you haven't used lxd before, you'll want to run the command <code>lxd init</code>.
+By default this creates exactly the bridge we want, called <em>lxdbr0</em>.</p>
+<p>Otherwise you would use the following command to create <em>lxdbr0</em>.</p>
+<pre><code class="bash">lxc network create lxdbr0
+</code></pre>
+
+<p>To generate a table of all the existing interfaces.</p>
+<pre><code class="bash">lxd network list
+</code></pre>
+
+<p>This bridge is for our natted subnet, so we just want to go with
+the default configuration.</p>
+<pre><code class="bash">lxc network show lxdbr0
+</code></pre>
+
+<p>This cats a yaml file where you can see the randomly
+generated network for <em>lxdbr0</em>.</p>
+<pre><code class="yaml">config:
+  ipv4.address: 10.99.153.1/24
+  ipv4.nat: &quot;true&quot;
+  ipv6.address: fd42:211e:e008:954b::1/64
+  ipv6.nat: &quot;true&quot;
+description: &quot;&quot;
+name: lxdbr0
+type: bridge
+used_by: []
+managed: true
+</code></pre>
+
+<h3 id="bridge-for-a-non-natted-subnet">bridge for a non-natted subnet</h3>
+<p>Create <em>lxdbr1</em></p>
+<pre><code class="bash">lxc network create lxdbr1
+</code></pre>
+
+<p>Use the following commands to remove nat from 
+lxdbr1.</p>
+<pre><code class="bash">lxc network set lxdbr1 ipv4.nat false
+lxc network set lxdbr1 ipv6.nat false
+</code></pre>
+
+<p>Of if you use this next command, your favourite
+text editor will pop open, preloaded with the complete yaml file
+and you can edit the configuration there.</p>
+<pre><code class="bash">lxc network edit lxdbr1
+</code></pre>
+
+<p>Either way you're looking for a result such as the following.
+Notice that the randomly generated address space is different
+that the one for <em>lxdbr0</em>, and that the *nat keys are set
+to "false".</p>
+<pre><code class="yaml">config:
+  ipv4.address: 10.151.18.1/24
+  ipv4.nat: &quot;false&quot;
+  ipv6.address: fd42:89d4:f465:1b20::1/64
+  ipv6.nat: &quot;false&quot;
+description: &quot;&quot;
+name: lxdbr1
+type: bridge
+used_by: []
+managed: true
+</code></pre>
+
+<h2 id="profiles">Profiles</h2>
+<h3 id="recycle-the-default">recycle the default</h3>
+<p>When you first ran <code>lxd init</code>, that created a default profile.
+Confirm with the following.</p>
+<pre><code class="bash">lxc profile list
+</code></pre>
+
+<p>To see what the default profile looks like.</p>
+<pre><code class="bash">lxc profile show default
+</code></pre>
+
+<pre><code class="yaml">config:
+  environment.http_proxy: &quot;&quot;
+  security.privileged: &quot;true&quot;
+  user.network_mode: &quot;&quot;
+description: Default LXD profile
+devices:
+  eth0:
+    nictype: bridged
+    parent: lxdbr0
+    type: nic
+  root:
+    path: /
+    pool: default
+    type: disk
+name: default
+used_by: []
+</code></pre>
+
+<h3 id="profile-the-natted">profile the natted</h3>
+<p>The easiest way to create a new profile is start by copying another one.</p>
+<pre><code class="bash">lxc profile copy default natted
+</code></pre>
+
+<p>edit the new <em>natted</em> profile</p>
+<pre><code class="bash">lxc profile edit natted
+</code></pre>
+
+<p>And add an <em>eth1</em> interface attached to <em>lxdbr1</em>. <em>eth0</em> and <em>eth1</em> will
+be the interfaces visible from the container's point of view.</p>
+<pre><code class="yaml">config:
+  environment.http_proxy: &quot;&quot;
+  security.privileged: &quot;true&quot;
+  user.network_mode: &quot;&quot;
+description: Natted LXD profile
+devices:
+  eth0:
+    nictype: bridged
+    parent: lxdbr0
+    type: nic
+  eth1:
+    nictype: bridged
+    parent: lxdbr1
+    type: nic
+  root:
+    path: /
+    pool: default
+    type: disk
+name: natted
+used_by: []
+</code></pre>
+
+<p>Any container assigned to the <em>natted</em> profile, will have an interface <em>eth0</em> connected
+to a natted subnet, and a second interface <em>eth1</em> connected to a non-natted subnet, with
+a static ip on which it will be able to talk directly to the other containers and the host
+machine.</p>
+<h3 id="profile-the-exposed">profile the exposed</h3>
+<p>Create the <em>exposed</em> profile</p>
+<pre><code class="bash">lxc profile copy natted exposed
+</code></pre>
+
+<p>and edit the new <em>exposed</em> profile</p>
+<pre><code class="bash">lxc profile edit exposed
+</code></pre>
+
+<p>change the nictype for <em>eth0</em> from <code>bridged</code> to <code>macvlan</code>, and the parent should be
+the name of the physical ethernet connection on the host machine, instead of a bridge.</p>
+<pre><code class="yaml">config:
+  environment.http_proxy: &quot;&quot;
+  security.privileged: &quot;true&quot;
+  user.network_mode: &quot;&quot;
+description: Exposed LXD profile
+devices:
+  eth0:
+    nictype: macvlan
+    parent: eno1
+    type: nic
+  eth1:
+    nictype: bridged
+    parent: lxdbr1
+    type: nic
+  root:
+    path: /
+    pool: default
+    type: disk
+name: exposed
+used_by: []
+</code></pre>
+
+<p>Any container assigned to the <em>exposed</em> profile, will have an interface <em>eth0</em> connected
+to a macvlan, addressable from your lan, just like any other arbitrary computer on
+your home network, and a second interface <em>eth1</em> connected to a non-natted subnet, with
+a static ip on which it will be able to talk directly to the other containers and the host
+machine.</p>
+<h2 id="assign-containers-to-profiles-and-configure-them-to-connect-correctly">Assign Containers to Profiles and configure them to connect correctly.</h2>
+<p>There are a lot of different ways that a Linux instance can solicit network services. So for
+now I will just describe a method that will work here for a lxc container from ubuntu:16.04, as
+well as a debian stretch container from images.linuxcontainers.org.</p>
+<p>Start a new container and assign the profile. We'll use an arbitrary whimsical container name,
+<em>quick-joey</em>. This process is the same for either the <em>natted</em> profile or the <em>exposed</em> profile.</p>
+<pre><code class="bash">lxc init ubuntu:16.04 quick-joey
+# assign the profile
+lxc profile assign quick-joey exposed
+# start quick-joey
+lxc start quick-joey
+# and start a bash shell
+lxc exec quick-joey bash
+</code></pre>
+
+<p>You need to tell these containers how to connect to the non-natted subnet on <em>eth1</em>
+With either an ubuntu:16.04 container, or a debian stretch container, for either the <em>natted</em> or
+<em>exposed</em> profile, because of all the above configuration work they will automatically connect on
+their <em>eth0</em> interfaces and be able to talk to the internet. You need to edit <code>/etc/network/interfaces</code>,
+the main difference being what that file looks like before you edit it.</p>
+<h3 id="ubuntu1604">ubuntu:16.04</h3>
+<p>If you start a shell on an ubuntu:16.04 container, you see that <code>/etc/network/interfaces</code>
+describes the loopback device for localhost, then sources <code>/etc/network/interfaces.d/*.cfg</code> where
+some magical cloud-config jazz is going on. You just want to add a static ip description for <em>eth1</em>
+to the file <code>/etc/network/interfaces</code>. And obviously take that the static ip address you assign is
+unique and on the same subnet with <em>lxdbr1</em>.</p>
+<p>Reminder: the address for <em>lxdbr1</em> is 10.151.18.1/24, but it will be different on your machine.</p>
+<pre><code class="conf">auto lo
+iface lo inet loopback
+
+source /etc/network/interfaces.d/*.cfg
+# what you add goes below here
+auto eth1
+iface eth1 inet static
+   address 10.151.18.123
+   netmask 255.255.255.0
+   broadcast 255.255.255.255 
+   network 10.151.18.0
+</code></pre>
+
+<h3 id="debian-stretch">debian stretch</h3>
+<p>The configuration for a debian stretch container is the same, except the the file
+<code>/etc/network/interfaces</code> will also describe eth0, but you only have to add the 
+description for eth1.</p>
+<h3 id="the-etchosts-file">the /etc/hosts file</h3>
+<p>Once you assign the containers static ip addresses for their <em>eth1</em>
+interfaces, you can use the <code>/etc/hosts</code> file on each container to make them
+aware of where the other containers and the host machine are.</p>
+<p>For instance, if you want the container <em>quick-joey</em> to talk directly
+to the host machine, which will be at the ip address of <em>lxdbr1</em>, start a shell
+on the container <em>quick-joey</em></p>
+<pre><code class="bash">lxc exec quick-joey bash
+</code></pre>
+
+<p>and edit <code>/etc/hosts</code></p>
+<pre><code class="conf"># /etc/hosts
+10.151.18.1    mothership
+</code></pre>
+
+<p>Of you have a container named <em>fat-cinderella</em>, that needs to be able to talk
+directly <em>quick-joey</em>.</p>
+<pre><code class="bash">lxc exec fat-cinderella bash
+vim /etc/hosts
+</code></pre>
+
+<pre><code class="conf"># /etc/hosts
+10.151.18.123  quick-joey
+</code></pre>
+
+<p>etcetera</p>
+              
+            </div>
+          </div>
+          <footer>
+  
+    <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
+      
+        <a href="../serve_and_share_apps_from_your_phone_with_fdroid/" class="btn btn-neutral float-right" title="Serve And Share Apps From Your Phone With Fdroid">Next <span class="icon icon-circle-arrow-right"></span></a>
+      
+      
+        <a href=".." class="btn btn-neutral" title="Home"><span class="icon icon-circle-arrow-left"></span> Previous</a>
+      
+    </div>
+  
+
+  <hr/>
+
+  <div role="contentinfo">
+    <!-- Copyright etc -->
+    
+  </div>
+
+  Built with <a href="http://www.mkdocs.org">MkDocs</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
+</footer>
+	  
+        </div>
+      </div>
+
+    </section>
+    
+  </div>
+
+  <div class="rst-versions" role="note" style="cursor: pointer">
+    <span class="rst-current-version" data-toggle="rst-current-version">
+      
+      
+        <span><a href=".." style="color: #fcfcfc;">&laquo; Previous</a></span>
+      
+      
+        <span style="margin-left: 15px"><a href="../serve_and_share_apps_from_your_phone_with_fdroid/" style="color: #fcfcfc">Next &raquo;</a></span>
+      
+    </span>
+</div>
+    <script src="../js/theme.js"></script>
+
+</body>
+</html>
diff --git a/site/mastodon_on_arch/index.html b/site/mastodon_on_arch/index.html
index 5df6c57..67a2832 100644
--- a/site/mastodon_on_arch/index.html
+++ b/site/mastodon_on_arch/index.html
@@ -54,6 +54,11 @@
           
             <li class="toctree-l1">
 		
+    <a class="" href="../lxd_container_home_server_networking_for_dummies/">LXD Container Home Server Networking For Dummies</a>
+	    </li>
+          
+            <li class="toctree-l1">
+		
     <a class="" href="../serve_and_share_apps_from_your_phone_with_fdroid/">Serve And Share Apps From Your Phone With Fdroid</a>
 	    </li>
           
diff --git a/site/mkdocs/search_index.json b/site/mkdocs/search_index.json
index 409e7a7..a9ed225 100644
--- a/site/mkdocs/search_index.json
+++ b/site/mkdocs/search_index.json
@@ -2,7 +2,7 @@
     "docs": [
         {
             "location": "/",
-            "text": "Welcome to Trent Docs\n\n\nGit Repo For These Docs\n\n\nObviously, the commit history will reflect the time when these documents are written.\n\n\n\n\nServe And Share Apps From Your Phone With Fdroid\n\n\nNspawn Containers\n\n\nMastodon on Arch\n\n\nDebian Nspawn Container On Arch For Testing Apache Configurations\n\n\nDynamic Cacheing Nginx Reverse Proxy For Pacman\n\n\nFreeBSD Jails on FreeNAS\n \n\n\nQuick Dirty Redis Nspawn Container on Arch Linux\n\n\nQuick Dirty Postgresql Nspawn Container on Arch Linux\n\n\nSelf Signed Certs",
+            "text": "Welcome to Trent Docs\n\n\nGit Repo For These Docs\n\n\nObviously, the commit history will reflect the time when these documents are written.\n\n\n\n\nServe And Share Apps From Your Phone With Fdroid\n\n\nLXD Container Home Server Networking For Dummies\n\n\nNspawn Containers\n\n\nMastodon on Arch\n\n\nDebian Nspawn Container On Arch For Testing Apache Configurations\n\n\nDynamic Cacheing Nginx Reverse Proxy For Pacman\n\n\nFreeBSD Jails on FreeNAS\n \n\n\nQuick Dirty Redis Nspawn Container on Arch Linux\n\n\nQuick Dirty Postgresql Nspawn Container on Arch Linux\n\n\nSelf Signed Certs",
             "title": "Home"
         },
         {
@@ -12,9 +12,84 @@
         },
         {
             "location": "/#git-repo-for-these-docs",
-            "text": "Obviously, the commit history will reflect the time when these documents are written.   Serve And Share Apps From Your Phone With Fdroid  Nspawn Containers  Mastodon on Arch  Debian Nspawn Container On Arch For Testing Apache Configurations  Dynamic Cacheing Nginx Reverse Proxy For Pacman  FreeBSD Jails on FreeNAS    Quick Dirty Redis Nspawn Container on Arch Linux  Quick Dirty Postgresql Nspawn Container on Arch Linux  Self Signed Certs",
+            "text": "Obviously, the commit history will reflect the time when these documents are written.   Serve And Share Apps From Your Phone With Fdroid  LXD Container Home Server Networking For Dummies  Nspawn Containers  Mastodon on Arch  Debian Nspawn Container On Arch For Testing Apache Configurations  Dynamic Cacheing Nginx Reverse Proxy For Pacman  FreeBSD Jails on FreeNAS    Quick Dirty Redis Nspawn Container on Arch Linux  Quick Dirty Postgresql Nspawn Container on Arch Linux  Self Signed Certs",
             "title": "Git Repo For These Docs"
         },
+        {
+            "location": "/lxd_container_home_server_networking_for_dummies/",
+            "text": "LXD Container Home Server Networking For Dummies\n\n\nWhy?\n\n\nIf you're going to operate a fleet of LXD containers for home\nentertainment, you probably want some of them exposed with their\nown ip addresses on your home network, so that you can use them\nas containerized servers for various applications.\n\n\nOthers containers, you might want to be inaccessable from the lan,\nin a natted subnet, where they can solicit connections to the\noutside world from within their natted subnet, but are not addressable\nfrom the outside. A database server that you connect a web app to, for\ninstance, or a web app that you have a reverse proxy in front of.\n\n\nBut these are two separate address spaces, so ideally all of the containers\nwould have a second interface of their own, by which they could connect\nto a third network, that would be a private network that all of the containers\ncan use to talk directly to each other (or the host machine).\n\n\nIt's pretty straightforward, you just have to glue all the pieces together.\n\n\nThree Part Overview.\n\n\n\n\n\n\nDefine and create some bridges.  \n\n\n\n\n\n\nDefine profiles that combine the network\ninterfaces in different combinations. In addition to two\nbridges you will have a macvlan with which to expose the containers\nthat you want exposed, but the macvlan doesn't come into\nplay until here in step two when you define profiles.  \n\n\n\n\n\n\nAssign each container which profile it should use,\nand then configure the containers to use the included\nnetwork interfaces correctly.  \n\n\n\n\n\n\nBuild Sum Moar Bridges\n\n\nThe containers will all have two network interfaces from\ntheir own internal point of view, \neth0\n and \neth1\n. \n\n\nIn this\nscheme we create a bridge for a natted subnet and a bridge for\na non-natted subnet. All of the containers will connect to the\nnon-natted subnet on their second interface, \neth1\n, and some\nof the containers will connect to the natted subnet on their \nfirst interface \neth0\n. The containers that don't connect\nto the natted subnet will instead connect to a macvlan\non their first interface \neth0\n, but that isn't part of this\nstep.\n\n\nbridge for a natted subnet\n\n\nIf you haven't used lxd before, you'll want to run the command \nlxd init\n.\nBy default this creates exactly the bridge we want, called \nlxdbr0\n.\n\n\nOtherwise you would use the following command to create \nlxdbr0\n.\n\n\nlxc network create lxdbr0\n\n\n\n\nTo generate a table of all the existing interfaces.\n\n\nlxd network list\n\n\n\n\nThis bridge is for our natted subnet, so we just want to go with\nthe default configuration.\n\n\nlxc network show lxdbr0\n\n\n\n\nThis cats a yaml file where you can see the randomly\ngenerated network for \nlxdbr0\n.\n\n\nconfig:\n  ipv4.address: 10.99.153.1/24\n  ipv4.nat: \"true\"\n  ipv6.address: fd42:211e:e008:954b::1/64\n  ipv6.nat: \"true\"\ndescription: \"\"\nname: lxdbr0\ntype: bridge\nused_by: []\nmanaged: true\n\n\n\n\nbridge for a non-natted subnet\n\n\nCreate \nlxdbr1\n\n\nlxc network create lxdbr1\n\n\n\n\nUse the following commands to remove nat from \nlxdbr1.\n\n\nlxc network set lxdbr1 ipv4.nat false\nlxc network set lxdbr1 ipv6.nat false\n\n\n\n\nOf if you use this next command, your favourite\ntext editor will pop open, preloaded with the complete yaml file\nand you can edit the configuration there.\n\n\nlxc network edit lxdbr1\n\n\n\n\nEither way you're looking for a result such as the following.\nNotice that the randomly generated address space is different\nthat the one for \nlxdbr0\n, and that the *nat keys are set\nto \"false\".\n\n\nconfig:\n  ipv4.address: 10.151.18.1/24\n  ipv4.nat: \"false\"\n  ipv6.address: fd42:89d4:f465:1b20::1/64\n  ipv6.nat: \"false\"\ndescription: \"\"\nname: lxdbr1\ntype: bridge\nused_by: []\nmanaged: true\n\n\n\n\nProfiles\n\n\nrecycle the default\n\n\nWhen you first ran \nlxd init\n, that created a default profile.\nConfirm with the following.\n\n\nlxc profile list\n\n\n\n\nTo see what the default profile looks like.\n\n\nlxc profile show default\n\n\n\n\nconfig:\n  environment.http_proxy: \"\"\n  security.privileged: \"true\"\n  user.network_mode: \"\"\ndescription: Default LXD profile\ndevices:\n  eth0:\n    nictype: bridged\n    parent: lxdbr0\n    type: nic\n  root:\n    path: /\n    pool: default\n    type: disk\nname: default\nused_by: []\n\n\n\n\nprofile the natted\n\n\nThe easiest way to create a new profile is start by copying another one.\n\n\nlxc profile copy default natted\n\n\n\n\nedit the new \nnatted\n profile\n\n\nlxc profile edit natted\n\n\n\n\nAnd add an \neth1\n interface attached to \nlxdbr1\n. \neth0\n and \neth1\n will\nbe the interfaces visible from the container's point of view.\n\n\nconfig:\n  environment.http_proxy: \"\"\n  security.privileged: \"true\"\n  user.network_mode: \"\"\ndescription: Natted LXD profile\ndevices:\n  eth0:\n    nictype: bridged\n    parent: lxdbr0\n    type: nic\n  eth1:\n    nictype: bridged\n    parent: lxdbr1\n    type: nic\n  root:\n    path: /\n    pool: default\n    type: disk\nname: natted\nused_by: []\n\n\n\n\nAny container assigned to the \nnatted\n profile, will have an interface \neth0\n connected\nto a natted subnet, and a second interface \neth1\n connected to a non-natted subnet, with\na static ip on which it will be able to talk directly to the other containers and the host\nmachine.\n\n\nprofile the exposed\n\n\nCreate the \nexposed\n profile\n\n\nlxc profile copy natted exposed\n\n\n\n\nand edit the new \nexposed\n profile\n\n\nlxc profile edit exposed\n\n\n\n\nchange the nictype for \neth0\n from \nbridged\n to \nmacvlan\n, and the parent should be\nthe name of the physical ethernet connection on the host machine, instead of a bridge.\n\n\nconfig:\n  environment.http_proxy: \"\"\n  security.privileged: \"true\"\n  user.network_mode: \"\"\ndescription: Exposed LXD profile\ndevices:\n  eth0:\n    nictype: macvlan\n    parent: eno1\n    type: nic\n  eth1:\n    nictype: bridged\n    parent: lxdbr1\n    type: nic\n  root:\n    path: /\n    pool: default\n    type: disk\nname: exposed\nused_by: []\n\n\n\n\nAny container assigned to the \nexposed\n profile, will have an interface \neth0\n connected\nto a macvlan, addressable from your lan, just like any other arbitrary computer on\nyour home network, and a second interface \neth1\n connected to a non-natted subnet, with\na static ip on which it will be able to talk directly to the other containers and the host\nmachine.\n\n\nAssign Containers to Profiles and configure them to connect correctly.\n\n\nThere are a lot of different ways that a Linux instance can solicit network services. So for\nnow I will just describe a method that will work here for a lxc container from ubuntu:16.04, as\nwell as a debian stretch container from images.linuxcontainers.org.\n\n\nStart a new container and assign the profile. We'll use an arbitrary whimsical container name,\n\nquick-joey\n. This process is the same for either the \nnatted\n profile or the \nexposed\n profile.\n\n\nlxc init ubuntu:16.04 quick-joey\n# assign the profile\nlxc profile assign quick-joey exposed\n# start quick-joey\nlxc start quick-joey\n# and start a bash shell\nlxc exec quick-joey bash\n\n\n\n\nYou need to tell these containers how to connect to the non-natted subnet on \neth1\n\nWith either an ubuntu:16.04 container, or a debian stretch container, for either the \nnatted\n or\n\nexposed\n profile, because of all the above configuration work they will automatically connect on\ntheir \neth0\n interfaces and be able to talk to the internet. You need to edit \n/etc/network/interfaces\n,\nthe main difference being what that file looks like before you edit it.\n\n\nubuntu:16.04\n\n\nIf you start a shell on an ubuntu:16.04 container, you see that \n/etc/network/interfaces\n\ndescribes the loopback device for localhost, then sources \n/etc/network/interfaces.d/*.cfg\n where\nsome magical cloud-config jazz is going on. You just want to add a static ip description for \neth1\n\nto the file \n/etc/network/interfaces\n. And obviously take that the static ip address you assign is\nunique and on the same subnet with \nlxdbr1\n.\n\n\nReminder: the address for \nlxdbr1\n is 10.151.18.1/24, but it will be different on your machine.\n\n\nauto lo\niface lo inet loopback\n\nsource /etc/network/interfaces.d/*.cfg\n# what you add goes below here\nauto eth1\niface eth1 inet static\n   address 10.151.18.123\n   netmask 255.255.255.0\n   broadcast 255.255.255.255 \n   network 10.151.18.0\n\n\n\n\ndebian stretch\n\n\nThe configuration for a debian stretch container is the same, except the the file\n\n/etc/network/interfaces\n will also describe eth0, but you only have to add the \ndescription for eth1.\n\n\nthe /etc/hosts file\n\n\nOnce you assign the containers static ip addresses for their \neth1\n\ninterfaces, you can use the \n/etc/hosts\n file on each container to make them\naware of where the other containers and the host machine are.\n\n\nFor instance, if you want the container \nquick-joey\n to talk directly\nto the host machine, which will be at the ip address of \nlxdbr1\n, start a shell\non the container \nquick-joey\n\n\nlxc exec quick-joey bash\n\n\n\n\nand edit \n/etc/hosts\n\n\n# /etc/hosts\n10.151.18.1    mothership\n\n\n\n\nOf you have a container named \nfat-cinderella\n, that needs to be able to talk\ndirectly \nquick-joey\n.\n\n\nlxc exec fat-cinderella bash\nvim /etc/hosts\n\n\n\n\n# /etc/hosts\n10.151.18.123  quick-joey\n\n\n\n\netcetera",
+            "title": "LXD Container Home Server Networking For Dummies"
+        },
+        {
+            "location": "/lxd_container_home_server_networking_for_dummies/#lxd-container-home-server-networking-for-dummies",
+            "text": "",
+            "title": "LXD Container Home Server Networking For Dummies"
+        },
+        {
+            "location": "/lxd_container_home_server_networking_for_dummies/#why",
+            "text": "If you're going to operate a fleet of LXD containers for home\nentertainment, you probably want some of them exposed with their\nown ip addresses on your home network, so that you can use them\nas containerized servers for various applications.  Others containers, you might want to be inaccessable from the lan,\nin a natted subnet, where they can solicit connections to the\noutside world from within their natted subnet, but are not addressable\nfrom the outside. A database server that you connect a web app to, for\ninstance, or a web app that you have a reverse proxy in front of.  But these are two separate address spaces, so ideally all of the containers\nwould have a second interface of their own, by which they could connect\nto a third network, that would be a private network that all of the containers\ncan use to talk directly to each other (or the host machine).  It's pretty straightforward, you just have to glue all the pieces together.",
+            "title": "Why?"
+        },
+        {
+            "location": "/lxd_container_home_server_networking_for_dummies/#three-part-overview",
+            "text": "Define and create some bridges.      Define profiles that combine the network\ninterfaces in different combinations. In addition to two\nbridges you will have a macvlan with which to expose the containers\nthat you want exposed, but the macvlan doesn't come into\nplay until here in step two when you define profiles.      Assign each container which profile it should use,\nand then configure the containers to use the included\nnetwork interfaces correctly.",
+            "title": "Three Part Overview."
+        },
+        {
+            "location": "/lxd_container_home_server_networking_for_dummies/#build-sum-moar-bridges",
+            "text": "The containers will all have two network interfaces from\ntheir own internal point of view,  eth0  and  eth1 .   In this\nscheme we create a bridge for a natted subnet and a bridge for\na non-natted subnet. All of the containers will connect to the\nnon-natted subnet on their second interface,  eth1 , and some\nof the containers will connect to the natted subnet on their \nfirst interface  eth0 . The containers that don't connect\nto the natted subnet will instead connect to a macvlan\non their first interface  eth0 , but that isn't part of this\nstep.",
+            "title": "Build Sum Moar Bridges"
+        },
+        {
+            "location": "/lxd_container_home_server_networking_for_dummies/#bridge-for-a-natted-subnet",
+            "text": "If you haven't used lxd before, you'll want to run the command  lxd init .\nBy default this creates exactly the bridge we want, called  lxdbr0 .  Otherwise you would use the following command to create  lxdbr0 .  lxc network create lxdbr0  To generate a table of all the existing interfaces.  lxd network list  This bridge is for our natted subnet, so we just want to go with\nthe default configuration.  lxc network show lxdbr0  This cats a yaml file where you can see the randomly\ngenerated network for  lxdbr0 .  config:\n  ipv4.address: 10.99.153.1/24\n  ipv4.nat: \"true\"\n  ipv6.address: fd42:211e:e008:954b::1/64\n  ipv6.nat: \"true\"\ndescription: \"\"\nname: lxdbr0\ntype: bridge\nused_by: []\nmanaged: true",
+            "title": "bridge for a natted subnet"
+        },
+        {
+            "location": "/lxd_container_home_server_networking_for_dummies/#bridge-for-a-non-natted-subnet",
+            "text": "Create  lxdbr1  lxc network create lxdbr1  Use the following commands to remove nat from \nlxdbr1.  lxc network set lxdbr1 ipv4.nat false\nlxc network set lxdbr1 ipv6.nat false  Of if you use this next command, your favourite\ntext editor will pop open, preloaded with the complete yaml file\nand you can edit the configuration there.  lxc network edit lxdbr1  Either way you're looking for a result such as the following.\nNotice that the randomly generated address space is different\nthat the one for  lxdbr0 , and that the *nat keys are set\nto \"false\".  config:\n  ipv4.address: 10.151.18.1/24\n  ipv4.nat: \"false\"\n  ipv6.address: fd42:89d4:f465:1b20::1/64\n  ipv6.nat: \"false\"\ndescription: \"\"\nname: lxdbr1\ntype: bridge\nused_by: []\nmanaged: true",
+            "title": "bridge for a non-natted subnet"
+        },
+        {
+            "location": "/lxd_container_home_server_networking_for_dummies/#profiles",
+            "text": "",
+            "title": "Profiles"
+        },
+        {
+            "location": "/lxd_container_home_server_networking_for_dummies/#recycle-the-default",
+            "text": "When you first ran  lxd init , that created a default profile.\nConfirm with the following.  lxc profile list  To see what the default profile looks like.  lxc profile show default  config:\n  environment.http_proxy: \"\"\n  security.privileged: \"true\"\n  user.network_mode: \"\"\ndescription: Default LXD profile\ndevices:\n  eth0:\n    nictype: bridged\n    parent: lxdbr0\n    type: nic\n  root:\n    path: /\n    pool: default\n    type: disk\nname: default\nused_by: []",
+            "title": "recycle the default"
+        },
+        {
+            "location": "/lxd_container_home_server_networking_for_dummies/#profile-the-natted",
+            "text": "The easiest way to create a new profile is start by copying another one.  lxc profile copy default natted  edit the new  natted  profile  lxc profile edit natted  And add an  eth1  interface attached to  lxdbr1 .  eth0  and  eth1  will\nbe the interfaces visible from the container's point of view.  config:\n  environment.http_proxy: \"\"\n  security.privileged: \"true\"\n  user.network_mode: \"\"\ndescription: Natted LXD profile\ndevices:\n  eth0:\n    nictype: bridged\n    parent: lxdbr0\n    type: nic\n  eth1:\n    nictype: bridged\n    parent: lxdbr1\n    type: nic\n  root:\n    path: /\n    pool: default\n    type: disk\nname: natted\nused_by: []  Any container assigned to the  natted  profile, will have an interface  eth0  connected\nto a natted subnet, and a second interface  eth1  connected to a non-natted subnet, with\na static ip on which it will be able to talk directly to the other containers and the host\nmachine.",
+            "title": "profile the natted"
+        },
+        {
+            "location": "/lxd_container_home_server_networking_for_dummies/#profile-the-exposed",
+            "text": "Create the  exposed  profile  lxc profile copy natted exposed  and edit the new  exposed  profile  lxc profile edit exposed  change the nictype for  eth0  from  bridged  to  macvlan , and the parent should be\nthe name of the physical ethernet connection on the host machine, instead of a bridge.  config:\n  environment.http_proxy: \"\"\n  security.privileged: \"true\"\n  user.network_mode: \"\"\ndescription: Exposed LXD profile\ndevices:\n  eth0:\n    nictype: macvlan\n    parent: eno1\n    type: nic\n  eth1:\n    nictype: bridged\n    parent: lxdbr1\n    type: nic\n  root:\n    path: /\n    pool: default\n    type: disk\nname: exposed\nused_by: []  Any container assigned to the  exposed  profile, will have an interface  eth0  connected\nto a macvlan, addressable from your lan, just like any other arbitrary computer on\nyour home network, and a second interface  eth1  connected to a non-natted subnet, with\na static ip on which it will be able to talk directly to the other containers and the host\nmachine.",
+            "title": "profile the exposed"
+        },
+        {
+            "location": "/lxd_container_home_server_networking_for_dummies/#assign-containers-to-profiles-and-configure-them-to-connect-correctly",
+            "text": "There are a lot of different ways that a Linux instance can solicit network services. So for\nnow I will just describe a method that will work here for a lxc container from ubuntu:16.04, as\nwell as a debian stretch container from images.linuxcontainers.org.  Start a new container and assign the profile. We'll use an arbitrary whimsical container name, quick-joey . This process is the same for either the  natted  profile or the  exposed  profile.  lxc init ubuntu:16.04 quick-joey\n# assign the profile\nlxc profile assign quick-joey exposed\n# start quick-joey\nlxc start quick-joey\n# and start a bash shell\nlxc exec quick-joey bash  You need to tell these containers how to connect to the non-natted subnet on  eth1 \nWith either an ubuntu:16.04 container, or a debian stretch container, for either the  natted  or exposed  profile, because of all the above configuration work they will automatically connect on\ntheir  eth0  interfaces and be able to talk to the internet. You need to edit  /etc/network/interfaces ,\nthe main difference being what that file looks like before you edit it.",
+            "title": "Assign Containers to Profiles and configure them to connect correctly."
+        },
+        {
+            "location": "/lxd_container_home_server_networking_for_dummies/#ubuntu1604",
+            "text": "If you start a shell on an ubuntu:16.04 container, you see that  /etc/network/interfaces \ndescribes the loopback device for localhost, then sources  /etc/network/interfaces.d/*.cfg  where\nsome magical cloud-config jazz is going on. You just want to add a static ip description for  eth1 \nto the file  /etc/network/interfaces . And obviously take that the static ip address you assign is\nunique and on the same subnet with  lxdbr1 .  Reminder: the address for  lxdbr1  is 10.151.18.1/24, but it will be different on your machine.  auto lo\niface lo inet loopback\n\nsource /etc/network/interfaces.d/*.cfg\n# what you add goes below here\nauto eth1\niface eth1 inet static\n   address 10.151.18.123\n   netmask 255.255.255.0\n   broadcast 255.255.255.255 \n   network 10.151.18.0",
+            "title": "ubuntu:16.04"
+        },
+        {
+            "location": "/lxd_container_home_server_networking_for_dummies/#debian-stretch",
+            "text": "The configuration for a debian stretch container is the same, except the the file /etc/network/interfaces  will also describe eth0, but you only have to add the \ndescription for eth1.",
+            "title": "debian stretch"
+        },
+        {
+            "location": "/lxd_container_home_server_networking_for_dummies/#the-etchosts-file",
+            "text": "Once you assign the containers static ip addresses for their  eth1 \ninterfaces, you can use the  /etc/hosts  file on each container to make them\naware of where the other containers and the host machine are.  For instance, if you want the container  quick-joey  to talk directly\nto the host machine, which will be at the ip address of  lxdbr1 , start a shell\non the container  quick-joey  lxc exec quick-joey bash  and edit  /etc/hosts  # /etc/hosts\n10.151.18.1    mothership  Of you have a container named  fat-cinderella , that needs to be able to talk\ndirectly  quick-joey .  lxc exec fat-cinderella bash\nvim /etc/hosts  # /etc/hosts\n10.151.18.123  quick-joey  etcetera",
+            "title": "the /etc/hosts file"
+        },
         {
             "location": "/serve_and_share_apps_from_your_phone_with_fdroid/",
             "text": "Serve And Share Apps From Your Phone With Fdroid\n\n\nThis can speed up the process of updating apps on your devices, especially if fdroid is slow.  \n\n\nStep 3: you are born on third base, find the menu item for \nSwap apps\n on phone one\n\n\nOpen fdroid, and navigate to the menu by touching three dots in upper right hand corner of the screen. Select \nSwap apps\n.\n\n\n\n\nStep 4: enable the repo server on phone one\n\n\nOn the next screen toggle on \nVisible via Wi-Fi\n\n\n\n\nStep 5: a small step for your android\n\n\nAt the bottom of the screen select \nSCAN QR CODE\n\n\n\n\nStep 6: choose which apps to serve from phone one\n\n\nAt the next screen \nChoose Apps\n you want to xerve I mean serve and then touch the -> right arrow to proceed\n\n\n\n\nStep 7: another small step for your android\n\n\nTouch the -> right arrow again, do it.\n\n\n\n\nOcho: <- this means step eight\n\n\nTouch the -> right arrow until you are coming here\n\n\n\nNotice you can use either a qr code or a local url, so grab one of your other phones.\n\n\nPrivacy Friendly Qr Scanner\n appears to be a good Qr scanner,\nbut of course you can key in the url by hand too.\n\n\nStep 9: find the menu item for \nRepositories\n on phone two\n\n\nOn your other phone open fdroid, navigate to menu by selecting the 3 dots in the upper right hand corner and choose \nRepositories\n\n\n\n\nStep 10: (temporarily) toggle off the remote repos on phone two\n\n\nToggle all the current repos off and then if you want to key in the new local repo url by hand touch the + plus in the upper right hand corner\n\n\n\n\nStep 11 A: key in the local repo url by hand on phone two\n\n\nAfter touching the + plus button in \nStep Ten\n on phone two, you can fill in the url address that corresponds to the photo in \nOcho\n\n\n\n\nStep 12 A: or scan in the local repo url with qr code on phone two\n\n\nIf you prefer not to key in the url by hand, on phone two touch the\nhome button and then open your qr-scanning application and scan the\nqr code on phone one, as seen in photo \nOcho\n. The qr-scanning\napp will direct you to open fdroid, and your result will be the same as\nthe photo in \nStep Eleven A\n\n\nStep 13: profit from moar faster local downloads\n\n\nOn phone two you can now download and install apps and updates from phone one, and the download speed will be much faster than from the internet.\n\n\n\n\nStep 14: how to remember all this?\n\n\nYou can bookmark.\n\n\nIn fact, you can add a shortcut icon directly to \n\nthis page\n,\non your home screen,\nas seen here with IceCat, a debranded build of the latest extended-support-release\nof FireFox for Android.\n\n\nOr you can clone \nthe git repo\n\nwhich this site automatically builds itself from.",
diff --git a/site/nspawn/index.html b/site/nspawn/index.html
index bd7c500..3288a32 100644
--- a/site/nspawn/index.html
+++ b/site/nspawn/index.html
@@ -54,6 +54,11 @@
           
             <li class="toctree-l1">
 		
+    <a class="" href="../lxd_container_home_server_networking_for_dummies/">LXD Container Home Server Networking For Dummies</a>
+	    </li>
+          
+            <li class="toctree-l1">
+		
     <a class="" href="../serve_and_share_apps_from_your_phone_with_fdroid/">Serve And Share Apps From Your Phone With Fdroid</a>
 	    </li>
           
diff --git a/site/search.html b/site/search.html
index 05eff38..a218967 100644
--- a/site/search.html
+++ b/site/search.html
@@ -50,6 +50,11 @@
           
             <li class="toctree-l1">
 		
+    <a class="" href="lxd_container_home_server_networking_for_dummies/">LXD Container Home Server Networking For Dummies</a>
+	    </li>
+          
+            <li class="toctree-l1">
+		
     <a class="" href="serve_and_share_apps_from_your_phone_with_fdroid/">Serve And Share Apps From Your Phone With Fdroid</a>
 	    </li>
           
diff --git a/site/self_signed_certs/index.html b/site/self_signed_certs/index.html
index cc6ce8a..022229a 100644
--- a/site/self_signed_certs/index.html
+++ b/site/self_signed_certs/index.html
@@ -54,6 +54,11 @@
           
             <li class="toctree-l1">
 		
+    <a class="" href="../lxd_container_home_server_networking_for_dummies/">LXD Container Home Server Networking For Dummies</a>
+	    </li>
+          
+            <li class="toctree-l1">
+		
     <a class="" href="../serve_and_share_apps_from_your_phone_with_fdroid/">Serve And Share Apps From Your Phone With Fdroid</a>
 	    </li>
           
diff --git a/site/serve_and_share_apps_from_your_phone_with_fdroid/index.html b/site/serve_and_share_apps_from_your_phone_with_fdroid/index.html
index 85d5e19..4b3c8a4 100644
--- a/site/serve_and_share_apps_from_your_phone_with_fdroid/index.html
+++ b/site/serve_and_share_apps_from_your_phone_with_fdroid/index.html
@@ -52,6 +52,11 @@
     <a class="" href="..">Home</a>
 	    </li>
           
+            <li class="toctree-l1">
+		
+    <a class="" href="../lxd_container_home_server_networking_for_dummies/">LXD Container Home Server Networking For Dummies</a>
+	    </li>
+          
             <li class="toctree-l1 current">
 		
     <a class="current" href="./">Serve And Share Apps From Your Phone With Fdroid</a>
@@ -224,7 +229,7 @@ which this site automatically builds itself from.</p>
         <a href="../nspawn/" class="btn btn-neutral float-right" title="Nspawn">Next <span class="icon icon-circle-arrow-right"></span></a>
       
       
-        <a href=".." class="btn btn-neutral" title="Home"><span class="icon icon-circle-arrow-left"></span> Previous</a>
+        <a href="../lxd_container_home_server_networking_for_dummies/" class="btn btn-neutral" title="LXD Container Home Server Networking For Dummies"><span class="icon icon-circle-arrow-left"></span> Previous</a>
       
     </div>
   
@@ -250,7 +255,7 @@ which this site automatically builds itself from.</p>
     <span class="rst-current-version" data-toggle="rst-current-version">
       
       
-        <span><a href=".." style="color: #fcfcfc;">&laquo; Previous</a></span>
+        <span><a href="../lxd_container_home_server_networking_for_dummies/" style="color: #fcfcfc;">&laquo; Previous</a></span>
       
       
         <span style="margin-left: 15px"><a href="../nspawn/" style="color: #fcfcfc">Next &raquo;</a></span>
diff --git a/site/sitemap.xml b/site/sitemap.xml
index 2faa09b..9cf53c2 100644
--- a/site/sitemap.xml
+++ b/site/sitemap.xml
@@ -4,7 +4,15 @@
     
     <url>
      <loc>/</loc>
-     <lastmod>2017-07-17</lastmod>
+     <lastmod>2017-07-21</lastmod>
+     <changefreq>daily</changefreq>
+    </url>
+    
+
+    
+    <url>
+     <loc>/lxd_container_home_server_networking_for_dummies/</loc>
+     <lastmod>2017-07-21</lastmod>
      <changefreq>daily</changefreq>
     </url>
     
@@ -12,7 +20,7 @@
     
     <url>
      <loc>/serve_and_share_apps_from_your_phone_with_fdroid/</loc>
-     <lastmod>2017-07-17</lastmod>
+     <lastmod>2017-07-21</lastmod>
      <changefreq>daily</changefreq>
     </url>
     
@@ -20,7 +28,7 @@
     
     <url>
      <loc>/nspawn/</loc>
-     <lastmod>2017-07-17</lastmod>
+     <lastmod>2017-07-21</lastmod>
      <changefreq>daily</changefreq>
     </url>
     
@@ -28,7 +36,7 @@
     
     <url>
      <loc>/mastodon_on_arch/</loc>
-     <lastmod>2017-07-17</lastmod>
+     <lastmod>2017-07-21</lastmod>
      <changefreq>daily</changefreq>
     </url>
     
@@ -36,7 +44,7 @@
     
     <url>
      <loc>/debian_nspawn_container_on_arch_for_testing_apache_configurations/</loc>
-     <lastmod>2017-07-17</lastmod>
+     <lastmod>2017-07-21</lastmod>
      <changefreq>daily</changefreq>
     </url>
     
@@ -44,7 +52,7 @@
     
     <url>
      <loc>/dynamic_cacheing_nginx_reverse_proxy_for_pacman/</loc>
-     <lastmod>2017-07-17</lastmod>
+     <lastmod>2017-07-21</lastmod>
      <changefreq>daily</changefreq>
     </url>
     
@@ -52,7 +60,7 @@
     
     <url>
      <loc>/freebsd_jails_on_freenas/</loc>
-     <lastmod>2017-07-17</lastmod>
+     <lastmod>2017-07-21</lastmod>
      <changefreq>daily</changefreq>
     </url>
     
@@ -60,7 +68,7 @@
     
     <url>
      <loc>/arch_redis_nspawn/</loc>
-     <lastmod>2017-07-17</lastmod>
+     <lastmod>2017-07-21</lastmod>
      <changefreq>daily</changefreq>
     </url>
     
@@ -68,7 +76,7 @@
     
     <url>
      <loc>/arch_postgresql_nspawn/</loc>
-     <lastmod>2017-07-17</lastmod>
+     <lastmod>2017-07-21</lastmod>
      <changefreq>daily</changefreq>
     </url>
     
@@ -76,7 +84,7 @@
     
     <url>
      <loc>/self_signed_certs/</loc>
-     <lastmod>2017-07-17</lastmod>
+     <lastmod>2017-07-21</lastmod>
      <changefreq>daily</changefreq>
     </url>