Unable to access docker containers from host over macvlan network

萌比男神i 2021-02-15 15:53

In my Linux network I am unable to reach my docker containers from the host they are running on, over a dedicated macvlan network. All other connections from to this macvlan net

2 Answers
  • 2021-02-15 16:21

    The host cannot communicate with local macvlan devices without special support from an external switch. See e.g. this Red Hat documentation which discusses the use of macvlan devices for virtual machines:

    However, when a guest virtual machine is configured to use a type='direct' network interface such as macvtap, despite having the ability to communicate with other guests and other external hosts on the network, the guest cannot communicate with its own host.

    This situation is actually not an error — it is the defined behavior of macvtap. Due to the way in which the host's physical Ethernet is attached to the macvtap bridge, traffic into that bridge from the guests that is forwarded to the physical interface cannot be bounced back up to the host's IP stack. Additionally, traffic from the host's IP stack that is sent to the physical interface cannot be bounced back up to the macvtap bridge for forwarding to the guests.

  • 2021-02-15 16:40

    You can do this by doing the following:

    ip link add foobar link enp7s0 type macvlan mode bridge
    ip addr add 192.168.9.252/32 dev foobar
    ip link set foobar up
    ip route add 192.168.9.228/32 dev foobar
    

    Where:

    enp7s0 - Name of your physical adapter

    192.168.9.252/32 - Genuine new IP on your network

    192.168.9.228/32 - IP of the container using macvlan

    Please be aware that this will not survive reboots, so you will need to script it to run each reboot or use another method to make it persistent.

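Added example, not part of either answer: the second answer's commands wrapped in an idempotent script that can be run at every boot. The variable names, the `valid_ipv4`/`plan`/`apply` functions and the use of `ip addr replace` / `ip route replace` are choices made for this example; the interface name and addresses are the ones given in the answer.

```sh
#!/bin/sh
# Added example (not from the original answers). Host routes are limited to
# the listed container /32s, so the host does not gain a route to the whole segment.
PARENT=${PARENT:-enp7s0}                 # physical adapter
SHIM=${SHIM:-foobar}                     # host-side macvlan interface
SHIM_IP=${SHIM_IP:-192.168.9.252}        # unused address on the LAN
CONTAINERS=${CONTAINERS:-192.168.9.228}  # space-separated container IPs

# Accept only dotted-quad IPv4 with each octet in 0..255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the commands that would be run, one per line, without executing them.
plan() {
    valid_ipv4 "$SHIM_IP" || { echo "bad SHIM_IP: $SHIM_IP" >&2; return 1; }
    for ip in $CONTAINERS; do
        valid_ipv4 "$ip" || { echo "bad container IP: $ip" >&2; return 1; }
        [ "$ip" != "$SHIM_IP" ] || { echo "shim IP collides with $ip" >&2; return 1; }
    done
    echo "ip link add $SHIM link $PARENT type macvlan mode bridge"
    echo "ip addr replace $SHIM_IP/32 dev $SHIM"
    echo "ip link set $SHIM up"
    for ip in $CONTAINERS; do
        echo "ip route replace $ip/32 dev $SHIM"
    done
}

# Run the plan (needs root); skip link creation if the shim already exists.
apply() {
    cmds=$(plan) || return 1
    printf '%s\n' "$cmds" | while read -r cmd; do
        case $cmd in
            "ip link add "*) ip link show "$SHIM" >/dev/null 2>&1 && continue ;;
        esac
        $cmd || exit 1
    done
}

if [ "${1:-}" = apply ]; then apply; fi
```

Called without arguments the script only defines the functions; `plan` shows what `apply` would execute, which is useful for reviewing the change before hooking the script into whatever boot mechanism the host uses.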