Communication between Networks with different drivers

Hello guys,
I think this is a common issue, but although I have looked into it, I wasn’t able to find a workaround.
On my Docker I use multiple Networks based on the drivers “bridge” (Docker internal 172.17.0.0/16, 172.19.0.0/16, etc.) and “macvlan” (for my own physical Network 192.168.1.0/24).
Those work fine taken one by one, but I have noticed that the containers on the “bridge” Network can’t reach the ones on “macvlan”, but can reach the devices (e.g. the router, etc.) on the same Subnet. Those containers have the route 0.0.0.0/0 pointing to the Docker GW 172.*.0.1, so I am assuming the issue is there.
Do you have any suggestions for this?

Regards,

A container only attached to macvlan will not be able to access a container on the same host that is only attached to the bridge network and the other way around.

The reason is quite simple: a kernel security restriction prevents direct communication between macvlan child interfaces (what containers with macvlan network use) and their parent interface (what the host uses). This is a general behavior of macvlan, regardless of whether it’s used with or without Docker.

When a Docker bridge network is used, outgoing traffic is NATed with the host IP (as in from the macvlan parent interface); incoming traffic uses port forwarding from the host interface (again: parent interface).

If you want a container in a bridged network to communicate with a container in a macvlan network, the container in the macvlan network needs an additional bridged network. Then these containers need to use the (docker compose) service or container name to communicate over the bridge network.
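
The setup described in the answer above, as an added Compose example that is not part of the original post. The parent interface `eth0`, the gateway `192.168.1.1`, the address `192.168.1.50`, the images, and the names `lan-app`, `client`, `lan` and `backend` are assumptions chosen for illustration; only the 192.168.1.0/24 subnet comes from the thread.

```yaml
# Added example: one container on macvlan + bridge, one container on bridge only.
services:
  lan-app:
    image: nginx:alpine            # assumed image, stands in for the macvlan service
    networks:
      lan:
        ipv4_address: 192.168.1.50 # assumed free address on the physical LAN
      backend: {}                  # the additional bridge network from the answer

  client:
    image: alpine                  # assumed image, stands in for the bridge-only container
    # Reaches lan-app by its service name; Docker's embedded DNS resolves it
    # to lan-app's address on the shared "backend" bridge, not the macvlan one.
    command: ["sh", "-c", "sleep 2; wget -qO- http://lan-app/"]
    networks:
      - backend

networks:
  lan:
    driver: macvlan
    driver_opts:
      parent: eth0                 # assumed name of the host's physical interface
    ipam:
      config:
        - subnet: 192.168.1.0/24   # physical network from the question
          gateway: 192.168.1.1     # assumed router address
  backend:
    driver: bridge                 # user-defined bridge shared by both services
```

Attaching `lan-app` to `backend` gives the bridge-only container a path that does not cross the macvlan parent interface, which is why `client` must address it by name rather than by its 192.168.1.x address.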

Hello @meyay,
Sorry for my late reply, but I was stuck with my job…
Thank you for your explanation:

If you want a container in a bridged network to communicate with a container in a macvlan network, the container in the macvlan network needs an additional bridged network. Then these containers need to use the (docker compose) service or container name to communicate over the bridge network.

Ok, so one container, but 2 networks (macvlan and bridge). I will eventually try!

Regards,