How do I access container from different host on same network when using macvlan driver

ash9002 · November 4, 2018, 7:43pm

I’ve created my macvlan network as follows:

docker network create -d macvlan -o parent=eth0 \
--subnet 192.168.1.0/24 \
--gateway 192.168.1.1 \
--ip-range 192.168.1.192/27 \
--aux-address 'host=192.168.1.223' \
mynet

I run my container as follows:

docker run --name nginx -d --net mynet nginx

The container’s IP is 192.168.1.192

I have two hosts that can ping each other both ways:

Host A: 192.168.1.98 (where Docker engine is running)

Host B: 192.168.1.6

Because macvlan by definition doesn’t allow host-to-container communication, I have created a sub-interface as follows to allow this communication:

ip link add mynet-shim link eth0 type macvlan  mode bridge

ip addr add 192.168.1.223/32 dev mynet-shim

ip link set mynet-shim up

ip route add 192.168.1.192/27 dev mynet-shim

I’m able to access the container from host A as when I run:

curl 192.168.1.192:80 , I receive the nginx default html

I’m also able to ping the container from host A.

When I run docker logs nginx , it says:

192.168.1.223 - - [02/Nov/2018:16:19:32 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"

So it is working with the mynet-shim sub-interface.

However, I’m unable to access the container from host B as both the curl and ping commands to the container fail from host B, even though it’s in the same subnet as host A and the container

Is there any additional configuration that I may have missed on host B?