Docker MACvlan Network, Unable to Access Internet

Docker macvlan network, unable to access internet

You might want to start by reading up on simple routing concepts or subnets and routing

How do I create a macvlan docker network if my gateway is out of my subnet?

A gateway address must be on the same subnet as an interface. To use this new subnet you will need to use up one of the IP addresses and assign it somewhere on the host as a gateway.

Subnet routing to a bridge network.

From the hosting screen shot, the 88.99.114.16/28 subnet has been setup to route via your host 88.99.102.103. You need to create an interface somewhere on your host to use as the gateway if you want Docker to use the rest of the IP addresses in the subnet.

Create a bridge network for Docker to use, the bridge will be assigned the gateway address 88.99.114.17

docker network create \
  --driver=bridge \
  --subnet 88.99.114.16/28 \
  --gateway=88.99.114.17 \
  name0

You may also need to enable IP forwarding for routing to work. Configure ip forwarding in /etc/sysctl.conf:

net.ipv4.ip_forward = 1

and Apply the new setting

sysctl -p /etc/sysctl.conf

Then run a container on the new bridge with your routed network should be able to access the gateway and the internet

docker run --net=name0 --rm busybox \
  sh -c "ip ad sh && ping -c 4 88.99.114.17 && wget api.ipify.org"

You may need to allow access into the subnet in iptables, depending on your default FORWARD policy

iptables -I DOCKER -d 88.99.114.16/28 -j ACCEPT

Services on the subnet will be accessible from the outside world

docker run --net=name0 busybox \
  nc -lp 80 -e echo -e "HTTP/1.0 200 OK\nContent-Length: 3\n\nHi\n"

Then outside

○→ ping -c 2  88.99.114.18
PING 88.99.114.18 (88.99.114.18): 56 data bytes
64 bytes from 88.99.114.18: icmp_seq=0 ttl=63 time=0.527 ms
64 bytes from 88.99.114.18: icmp_seq=1 ttl=63 time=0.417 ms

--- 88.99.114.18 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.417/0.472/0.527/0.055 ms

○→ curl 88.99.114.18
Hi

No need for macvlan interface mapping.

How do I run a container using macvlan network when I have only IP
address but no mac address?

macvlan is use to map a physical/host interface into a container. As you don't have a physical interface for these addresses it will be hard to map one into a container.

Docker Macvlan network inside container is not reaching to its own host

This is defined behavior for macvlan and is by design. See Docker Macvlan Documentation

• When using macvlan, you cannot ping or communicate with the default namespace IP address. For example, if you create a container and try to ping the Docker host’s eth0, it will not work. That traffic is explicitly filtered by the kernel modules themselves to offer additional provider isolation and security.

• A macvlan subinterface can be added to the Docker host, to allow traffic between the Docker host and containers. The IP address needs to be set on this subinterface and removed from the parent address.

Docker network macvlan driver: gateway unreachable

Macvlan is unlikely to work with IEEE 802.11.

Your wifi access point, and/or your host network stack, are not going to be thrilled.

You might want to try ipvlan instead: add -o ipvlan_mode=l2 to your network creation call and see if that helps.

That might very well still not work... (for eg, if you rely on DHCP and your DHCP server uses macaddresses and not client id)

And your only (reasonable) solution might be to drop the wifi entirely and wire the device up instead... (or move away from macvlan and use host / bridge - whichever is the most convenient)

---

Related Topics