Sometimes you might want to save some IP addresses by placing a few servers behind a nat. This can be done by masquerading with iptables.
You can add a section like this in /etc/network/interfaces
auto vmbr1
iface vmbr1 inet static
address 10.0.0.1/24
bridge-ports none
bridge-stp off
bridge-fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o enp35s0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -o enp35s0 -j MASQUERADE
## do do a port-forward to the VM with "lan" ip 10.0.0.3 from the host port 8080 the VM port 80
## you can use a line like this.
# post-up iptables -t nat -A PREROUTING -i enp35s0 -p tcp --dport 8080 -j DNAT --to 10.10.10.3:80
You can then reload networking with:
ifreload -a
This can also be used to create a small private network