I’m working on setting up a Docker-based development environment using IPvlan L3 mode in WSL2 on Windows 11. My main challenge is achieving bidirectional communication between a Docker container, the Windows host, and a physical camera device on the same network.
Current Setup:
Docker Container (172.19.0.30): Can ping the physical camera (172.19.0.60).
Windows Host (172.19.0.150): Can ping the camera but cannot ping the Docker container.
Problem:
In IPvlan L3 mode, it seems that communication is typically only one-way (from container to host or device). I need to configure the network so that both the Windows host and the camera can detect and communicate with the Docker container.
What I’ve Tried:
Adding routes on the Windows host.
Enabling IP forwarding in WSL2.
Checking iptables rules to ensure nothing is blocked.
Adjusting Docker network configurations in the docker-compose.yml.
Questions:
How can I configure the Docker network and WSL2 to allow the host and camera to communicate with the container?
Are there any specific configurations or workarounds that can help achieve this in IPvlan L3 mode?
Environment:
OS: Windows 11 Pro
WSL2 Distro: Ubuntu 20.04
Docker Version: 20.10.17
Docker Compose Version: 1.29.2
Any advice or guidance on resolving this networking challenge would be greatly appreciated!
Something is not right here. You chose the Windows Containers subcategory under “Docker Desktop for Windows”, but you mention WSL2 so you are using Linux which is also confirmed by your Environment section at the end of your question. Your Docker version and Compose version are old and Docker Desktop does not use Ubuntu, so a great way to avoid getting answers is choosing an unrelated category.
I don’t understand this either. how can your container IP be on the same network as your Windos host? Or is 172.19.0.150 in a different subnet using netmasks?
Can you explain in more details how your network looks like?
I would also recommend updating Docker and definitely Compose. Search for Compose v2.
EDIT:
After some minutes I realized you probably meant 172.19.0.150 was the IP of Windows on the network of WSL2 and you ran the container on IPVlan in the same LAN network. Right?
You’re right—the Windows host at 172.19.0.150 is on the WSL2 network, and the container is running with IPvlan in the same LAN.
My ultimate goal is to set up a dedicated network where the container and an external device (such as a camera, WSL, or the Windows host) can communicate bidirectionally. The issue is that I can only establish communication in one direction: from the container to the other devices.
For context, I initially used Docker Compose to simplify debugging, but I also tested by manually creating everything in the terminal, connecting the containers to the network, and performing the connection tests. The results were the same, so using Docker Compose was purely for easier debugging.
How did you configure your WSL2 distribution to not use a NATted private network? Even mirrored mode does not make the WSL2 distribution behave like it’s attached to a network bridge. If I am not mistaken WSL1 allows creating a network bridge (which then acts like a switch)
Furthermore, ipvlan l3 is supposed to have a different ip range than the host (in your case the wsl2 distribution), and it should route from the host network (again your wsl2 distro) to the container network (and the other way around). This ip range is also not the ip range of your lan.
My WSL2 distribution is using a NATted private network, with an IP address of 172.24.28.102/20 assigned to eth0. The routing table confirms that traffic is routed through the gateway 172.24.16.1. I’m using WSL2 version 2, and there are no custom network bridge configurations in place.
Key Points:
The WSL2 distribution is attached to a NATted network by default, not a bridged one.
The Docker container network (192.168.200.0/24) is separate from both the host network (192.168.100.0/24) and the WSL2 network (172.24.28.102/20), which aligns with the expected behavior of IPvlan L3 mode.
Despite correct route configuration and IP forwarding being enabled, the host still cannot ping the container, likely due to Docker’s network isolation in this setup.
It appears that WSL2’s networking, even in mirrored mode, doesn’t behave like a true network bridge, which might be contributing to the issue.
This can’t be right. Shouldn`t it be via the ip of your wsl distribution?
On the host you have the “Ethernet-Adapter vEthernet (WSL (Hyper-V firewall))” interface, which allows you to access the ip of the wsl distribution. The very same ip is configured as default gateway inside the wsl distribution.
I am perfectly able to ping the wsl distribution’s ip from my windows host.
Can you share how you created the ipvlan l3 network?
Thank you for sharing the ipvlan l3 configuration. I didn’t expect it to be a straight forward configuration, as I tried to use ipvlan l3 in the past and failed.
The gateway 172.24.16.1 has no shared interface within the same subnet as 192.168.100.3. How do you expect it to route the traffic? I suggested to use the ip of the wsl distribution instead of the gateway - you just repeated a variation of what you tried before.
I fixed the issue properly this time, but I noticed something that might be a better proxy to understand this problem:
Device Name: Debian WSL IP Address: 172.24.28.102 Subnet: 172.24.16.0/20 Gateway: Not Defined Network Interface: eth0 MAC Address: 00:15:5d:e1:e8:be Broadcast Address: 172.24.31.255 Routing: Local Route 172.24.16.0/20 via eth0, Default Route via 172.24.16.1
Container Name: dev-container IP Address: 172.24.16.11 Subnet: 172.24.16.0/20 Gateway: Not Defined Network Interface: eth0 MAC Address: a6:e7:0c:02:22:84 Broadcast Address: 172.24.31.255 Routing: Local Route 172.24.16.0/20 via eth0, Default Route via eth0
Question:
Why could the dev-container successfully ping the Debian WSL device, but the Debian WSL device received “Destination Host Unreachable” when pinging the dev-container, despite both having correct network configurations and no firewall restrictions?
Now, I can see that the Windows host is correctly routing to the WSL interface, but the communication fails to complete. Therefore, I believe this test I just shared highlights the underlying issue that may be affecting the broader IPvlan L3 mode setup.