Macvlan network and host to container connectivity

Older versions of the Docker documentation for macvlan networks included the following note:

When using macvlan, you cannot ping or communicate with the default namespace IP address. For example, if you create a container and try to ping the Docker host’s eth0, it will not work. That traffic is explicitly filtered by the kernel modules themselves to offer additional provider isolation and security.

A macvlan subinterface can be added to the Docker host, to allow traffic between the Docker host and containers. The IP address needs to be set on this subinterface and removed from the parent address.

    ip link add mac0 link $PARENTDEV type macvlan mode bridge

Your networking equipment needs to be able to handle “promiscuous mode”, where one physical interface can be assigned multiple MAC addresses.

Especially if you use a VM, you need to make sure to enable promiscuous mode. Some hypervisors provide the settings on VM level, some on vSwitch level.

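The subinterface procedure from the quoted note, written out as an added example that is not part of the original post or the Docker documentation. Only `mac0` and the `ip link add` line come from the note; the function names, the `DRY_RUN` switch, the optional gateway argument and the sample addresses are assumptions for illustration.

```shell
#!/bin/sh
# Added example: plan the host-side macvlan subinterface from the note above.
# Hypothetical helpers; the addresses used at the bottom are constructed.

is_ipv4() {  # succeeds only for a dotted quad with octets 0..255
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do [ "$_o" -le 255 ] 2>/dev/null || return 1; done
}

# macvlan_host_plan PARENTDEV ADDR/PREFIX [GATEWAY]
# Prints, in order, the commands that create mac0 in bridge mode and move
# the host address from the parent interface onto it.
macvlan_host_plan() {
    _dev=$1 _cidr=$2 _gw=${3:-}
    # Reject anything that is not a plain interface name or IPv4 value,
    # so the printed commands can be executed without quoting surprises.
    case $_dev in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    [ ${#_dev} -le 15 ] || { echo "interface name too long" >&2; return 1; }
    case $_cidr in */*) ;; *) echo "bad address" >&2; return 1 ;; esac
    _len=${_cidr#*/}
    case $_len in ''|*[!0-9]*) echo "bad prefix" >&2; return 1 ;; esac
    { is_ipv4 "${_cidr%/*}" && [ "$_len" -le 32 ]; } || { echo "bad address" >&2; return 1; }
    [ -z "$_gw" ] || is_ipv4 "$_gw" || { echo "bad gateway" >&2; return 1; }
    echo "ip link add mac0 link $_dev type macvlan mode bridge"
    echo "ip addr del $_cidr dev $_dev"
    echo "ip addr add $_cidr dev mac0"
    echo "ip link set mac0 up"
    # Removing the address from the parent also removes routes through it,
    # so the default route is re-added on mac0 when a gateway is given.
    [ -z "$_gw" ] || echo "ip route replace default via $_gw dev mac0"
}

# Dry run by default; DRY_RUN=0 executes the plan (needs root).
macvlan_host_apply() {
    _plan=$(macvlan_host_plan "$@") || return 1
    printf '%s\n' "$_plan" | while IFS= read -r _cmd; do
        if [ "${DRY_RUN:-1}" = 1 ]; then echo "+ $_cmd"; else $_cmd || exit 1; fi
    done
}

# Constructed sample values (documentation address range), dry run only.
DRY_RUN=1 macvlan_host_apply eth0 192.0.2.10/24 192.0.2.1
```

Connectivity through the parent address drops while the address moves, so apply the plan as one script from a console session rather than step by step over the interface being changed.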