Macvlan access to bridged containers not working

Hi All,
I’m running several docker containers on my Synology NAS working in bridged mode.
Now I added two separate containers: a PiHole container as a DNS server and Nginx Proxy Manager as a proxy server.
Because Nginx Proxy Manager uses ports 80/443, which are already in use, I created a Macvlan for both containers:

sudo docker network create -d \
            macvlan \
            -o parent=eth0 \
            --subnet=192.168.1.0/24 \
            --gateway=192.168.1.1 \
            --ip-range=192.168.1.245/30 \
            MacVLan

I’m using 245 for PiHole and 246 for NginxPM.
Now everything works well when I try to access a webserver on a different host. So my bitwarden runs on a separate host and I can perfectly well establish a secure connection to this webserver via NginxPM. So this setup seems to be OK.
I’m getting 502 bad gateway when I try to access a webserver running in a container which is in bridged mode on the Synology (the same host as NginxPM).
Below is a screenshot of my docker network setup:


sudo docker network inspect MacVLan

gives:

[
    {
        "Name": "MacVLan",
        "Id": "8fcdbac9a379f0750fe29f061caaea8ba0a6285356214ef54f959ed3bc5edf89",
        "Created": "2023-02-13T19:26:21.286074767+01:00",
        "Scope": "local",
        "Driver": "macvlan",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.1.0/24",
                    "IPRange": "192.168.1.245/30",
                    "Gateway": "192.168.1.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "7bb468f7d52363e8e4095b50e20b1bfc375152d9c678cbf79fa4c6060ce9b886": {
                "Name": "NginxProxyManager",
                "EndpointID": "601134440cd984b72c5c4570350297c18db43ac6d6d52defd7f8d366e3b9876b",
                "MacAddress": "04:c4:c0:a4:c4:a4",
                "IPv4Address": "192.168.1.246/24",
                "IPv6Address": ""
            },
            "a30216accd96347738e39223a9c3e3595b8bc840491913f12129f3fca00131f3": {
                "Name": "PiHole",
                "EndpointID": "365f69ca84fb7c57ba8e1a93f9984272828b313bf0c7ae8b7588fe1a211e3d75",
                "MacAddress": "04:44:c0:a4:04:a4",
                "IPv4Address": "192.168.1.245/24",
                "IPv6Address": ""
            }
        },
        "Options": {
            "parent": "eth0"
        },
        "Labels": {}
    }
]

Any suggestions what’s wrong?
Thx,
PPee

A macvlan client interface (=what your containers attached to the macvlan network use) cannot communicate with the macvlan parent interface (=the host interface).

As bridge networks use the host interface, they use the macvlan parent interface.

Containers not attached to the macvlan network won’t be able to communicate with each other unless all involved containers are additionally attached to the same bridge network.

Hi Meyay, Thanks for your response.
How would you additionally connect these containers to the bridged network?

The Syno Docker-UI provides a menu entry for networks, and allows you to edit a network and add containers to a network.

I added both Macvlan containers to the bridge network using the UI, but it is still not possible to reach the other containers.

Ah, my bad: it is not going to work with the default bridge network, as it specifically requires container linking.

Please create a new bridge network, attach the containers to that network and make sure to use the container names to access the other containers.
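
A check for the fix described in the last reply, as an added example that is not part of the original thread: it reads `docker network inspect` output and reports whether the proxy and a backend container share a user-defined bridge network. The backend name `webapp`, the network name `proxy_net` and the sample JSON are constructed for illustration.

```python
import json

# Constructed sample shaped like `docker network inspect bridge MacVLan proxy_net`.
# It mirrors the state in the thread after the proxy was added to the default
# bridge. "webapp" and "proxy_net" are placeholder names, not from the thread.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "bridge", "Driver": "bridge",
   "Options": {"com.docker.network.bridge.default_bridge": "true"},
   "Containers": {"c1": {"Name": "webapp", "IPv4Address": "172.17.0.2/16"},
                  "c2": {"Name": "NginxProxyManager", "IPv4Address": "172.17.0.3/16"}}},
  {"Name": "MacVLan", "Driver": "macvlan", "Options": {"parent": "eth0"},
   "Containers": {"c2": {"Name": "NginxProxyManager", "IPv4Address": "192.168.1.246/24"},
                  "c3": {"Name": "PiHole", "IPv4Address": "192.168.1.245/24"}}},
  {"Name": "proxy_net", "Driver": "bridge", "Options": {},
   "Containers": {"c2": {"Name": "NginxProxyManager", "IPv4Address": "172.20.0.2/16"}}}
]
""")

def is_user_bridge(net):
    """True for a bridge network other than Docker's default one."""
    opts = net.get("Options") or {}
    default = opts.get("com.docker.network.bridge.default_bridge") == "true"
    return net.get("Driver") == "bridge" and not default and net.get("Name") != "bridge"

def members(net):
    """Names of the containers attached to a network."""
    return {c["Name"] for c in (net.get("Containers") or {}).values()}

def shared_user_bridges(networks, a, b):
    """User-defined bridge networks that both containers are attached to."""
    return sorted(n["Name"] for n in networks
                  if is_user_bridge(n) and {a, b} <= members(n))

def diagnose(networks, proxy, backend):
    shared = shared_user_bridges(networks, proxy, backend)
    if shared:
        return f"ok: {proxy} can reach {backend} by name via {shared[0]}"
    on_default = any(n.get("Driver") == "bridge" and not is_user_bridge(n)
                     and {proxy, backend} <= members(n) for n in networks)
    if on_default:
        # The default bridge has no name resolution between containers.
        return "default bridge only: no name resolution, use a user-defined bridge"
    return f"no shared bridge: attach {proxy} and {backend} to the same user-defined bridge"

if __name__ == "__main__":
    print(diagnose(SAMPLE_INSPECT, "NginxProxyManager", "webapp"))
```

On a real host, feed it the parsed output of `docker network inspect` for all networks instead of the sample.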