I am trying to expose a Linux container running a service accessible to the intranet while running Docker Desktop for Windows. The service needs to support Windows Authentication. However, Windows Authentication does not support NATs like those used in bridge networks. Docker Desktop does not support macvlan. Can I use ipvlan with a Docker Desktop/WSL2 host? Or do I need to use a Linux host for macvlan?
I found this thread that indicates that it is not possible to use ipvlan with Docker Desktop/WSL2.
In the past I’ve explored (and not implemented) swarm networks with Traefik to route external requests to swarm services. Does anyone know if something similar would work for Windows Authentication when running on a Docker Desktop/WSL2 host?
FYI, I had a related post but ended up using Ubuntu and not RHEL.
It cannot work with Docker Desktop, as it always runs in a utility-vm. Thus, the parent network interface used for ipvlan (or macvlan) can only be the (natted) private network interface of the utility-vm, which is not routed to your LAN. For the time being there is no way. Recently an experimental feature was added in WSL2 that adds interface mirroring (See: Release 2.0.0 · microsoft/WSL · GitHub). I have no idea whether it really will allow Docker Desktop for Windows to use ipvlan/macvlan one day.
Right now ipvlan/macvlan only work with docker-ce on Linux.
Yes, true for ALL Docker Desktop versions when running Linux containers. Otherwise, I would have mentioned it in my previous post.
Like I already wrote: Docker Desktop’s utility-vm is already natted, and because of that containers can effectively only work with the bridge/overlay networks, which are also natted.
So the way I got around my issue in the end was to not use WSL and instead build a VM, then install Linux on it, then install the normal version of Docker (which has all the features).
Of course, full-blown Docker is better than Docker for Windows, and the only advantage of the latter is that it is easier and more convenient to set up. But if you are familiar with the Docker CLI (instead of using the GUI provided by DfW) then this is the way to go.
Simply put, Docker for Windows can only run in bridge/NAT mode. This limitation is due to WSL itself and not DfW or Windows; if you require your container to be directly exposed to the host LAN in any form, you’re going to have to install full Docker on a VM instead of DfW. Incidentally, this is what WSL does for you anyway: it is actually a custom VM, it’s just you can’t use it like a proper VM.
Also, as far as I understand it, Windows Authentication does support NAT. Why do you think this? Maybe if you elaborate on this a bit more we might be able to advise an alternative way to achieve what you want.
I can’t find the specific post regarding Windows Authentication against an MSSQL server, but this link also refers to the limitation. In this use case the server is running on the private side of the NAT.
The only configuration with NAT that was tested by Microsoft is running client on the private side of a NAT and have all servers located on the public side of the NAT. The NAT would also function as a DNS server.
Instead I am pursuing your suggestion of using Hyper-V.