I created an interface for a vlan with id 50 on my pfsense box. I allowed any traffic for now. On my lan interface I allow vlan 50 as well.
On my server running docker, I created a link with ip address and brought it up:
sudo ip link add link eno1 name eno1.50 type vlan id 50
sudo ip addr add 192.168.50.2/24 dev eno1.50
sudo ip link set eno1.50 up
I can ping my pfsense on 192.168.50.1 and I can ping 192.168.50.2 from pfsense. I confirmed the link and VLAN are working, from what I can tell.
When I remove that ip and link and create a macvlan network as follows:
docker network create -d macvlan --subnet=192.168.50.0/24 --gateway=192.168.50.1 -o parent=eno1.50 macvlan50
and run a container, as per the docs:
docker run --net=macvlan50 -it --name vlan_test --rm alpine /bin/sh
I cannot ping the gateway. I can confirm it gets the IP 192.168.50.2, but when I ping the gateway and run a tcpdump on pfsense I see nothing coming in.
Running a tcpdump on the docker host from another terminal, I see this:
15:25:29.238020 ARP, Request who-has 192.168.50.1 tell 192.168.50.2, length 28
15:25:30.240094 ARP, Request who-has 192.168.50.1 tell 192.168.50.2, length 28
15:25:31.253376 ARP, Request who-has 192.168.50.1 tell 192.168.50.2, length 28
15:25:33.238526 ARP, Request who-has 192.168.50.1 tell 192.168.50.2, length 28
15:25:34.240051 ARP, Request who-has 192.168.50.1 tell 192.168.50.2, length 28
This tells me that the gateway 192.168.50.1 lives on my own host: the traffic is not leaving my host onto the network, but docker seems to keep it to itself internally.
I tried different things, including a macvlan bridge on my self-created link, but container traffic never seems to get onto the network (it never reaches pfsense).
I’ve been reading the docs and guides but so far I haven’t been able to figure out what I’m doing wrong.
Any help would be greatly appreciated!
Thanks.
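An added example (not part of the post above) for reading captures like the one shown: it parses tcpdump ARP lines and reports targets that were queried repeatedly but never answered, which is the signature of frames not reaching the segment the target lives on (wrong parent interface or VLAN tag) as opposed to a host that is simply down. The sample lines are constructed, copying the five requests from the post and adding a hypothetical answered exchange for contrast; the MAC address and 192.168.50.10 are made up.

```python
import re
from collections import defaultdict

# The two tcpdump ARP line shapes (numeric output, as in the post).
ARP_REQUEST = re.compile(
    r"^(?P<ts>\S+) ARP, Request who-has (?P<target>[\d.]+) tell (?P<sender>[\d.]+), length \d+$")
ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<target>[\d.]+) is-at (?P<mac>[0-9a-fA-F:]+), length \d+$")

def unanswered_arp(lines):
    """Return {target_ip: request_count} for ARP targets that never replied.

    Repeated who-has for one target with no is-at means the requests are not
    reaching the host that owns that address (or nothing owns it on this
    segment); a target that answers at least once is dropped from the result.
    """
    requests = defaultdict(int)
    answered = set()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = ARP_REQUEST.match(line)
        if m:
            requests[m.group("target")] += 1
            continue
        m = ARP_REPLY.match(line)
        if m:
            answered.add(m.group("target"))
    return {ip: n for ip, n in requests.items() if ip not in answered}

# Constructed sample capture: the unanswered gateway requests from the post,
# plus a hypothetical host 192.168.50.10 that does reply.
SAMPLE = """\
15:25:29.238020 ARP, Request who-has 192.168.50.1 tell 192.168.50.2, length 28
15:25:30.240094 ARP, Request who-has 192.168.50.1 tell 192.168.50.2, length 28
15:25:31.253376 ARP, Request who-has 192.168.50.1 tell 192.168.50.2, length 28
15:25:33.238526 ARP, Request who-has 192.168.50.1 tell 192.168.50.2, length 28
15:25:34.240051 ARP, Request who-has 192.168.50.1 tell 192.168.50.2, length 28
15:25:35.100000 ARP, Request who-has 192.168.50.10 tell 192.168.50.2, length 28
15:25:35.100500 ARP, Reply 192.168.50.10 is-at 02:42:c0:a8:32:0a, length 28
"""

if __name__ == "__main__":
    for ip, n in unanswered_arp(SAMPLE.splitlines()).items():
        print(f"{ip}: {n} ARP request(s), no reply seen")
```

Feed it `tcpdump -n -i eno1.50 arp` output from the host and compare with the same capture taken on the parent `eno1` and on pfsense; the interface where the who-has stops appearing is where the frames are being lost.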