Communication with the Docker host over macvlan
When using macvlan, you cannot ping or communicate with the default namespace IP address (this basically means your containers on the macvlan bridge cannot communicate with the containers on the host network). For example, if you create a container and try to ping the Docker host’s eth0, it will not work. That traffic is explicitly filtered by the kernel modules themselves to offer additional provider isolation and security.
There is a way to allow this, but it requires a bit more tinkering with your system; you can find the information at the bottom of this manual.
If you need containers on the host to talk to containers on macvlan, move them to the macvlan bridge.
So what happens if you want to run two web servers on the same Docker host? You would have to use different ports to avoid a conflict, as two servers cannot listen on the same port on the same IP. There’s an easy way to solve that. In earlier posts I have shown you how to create a network bridge for your LXC containers.
We can connect docker containers to the same bridge by adding it to the docker network:
docker network create --driver macvlan --subnet 192.168.1.0/24 --gateway 192.168.1.1 -o parent=br0 br0-docker
Make sure you enter your subnet and gateway correctly. I am not going into a deep explanation of subnets, but if your IP is 192.168.1.23, your subnet is (well, almost always) 192.168.1.0/24.
We have now attached docker network br0-docker to br0, and you can start your containers with:
docker run --net=br0-docker --ip=192.168.1.123 <image>
You must specify which IP you want the container to use. That's it, happy docking.
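A pre-flight check for the values passed to the two commands above, as an added example that is not part of the original post: it derives --subnet from the host's address and prefix length and rejects a container --ip that falls outside the subnet or is already taken, since a macvlan container sits directly on the LAN. The function names, the in_use list and the IMAGE placeholder are assumptions.

```python
import ipaddress


def plan_macvlan(host_cidr, gateway, container_ip, in_use=()):
    """Return (subnet, problems) for a macvlan network on the host's LAN.

    in_use is a hypothetical inventory of addresses already taken on the LAN.
    """
    host = ipaddress.ip_interface(host_cidr)   # e.g. "192.168.1.23/24"
    subnet = host.network                      # value for --subnet
    gw = ipaddress.ip_address(gateway)         # value for --gateway
    ip = ipaddress.ip_address(container_ip)    # value for --ip
    problems = []
    if gw not in subnet:
        problems.append(f"gateway {gw} is outside {subnet}")
    if ip not in subnet:
        problems.append(f"container IP {ip} is outside {subnet}")
    elif ip in (subnet.network_address, subnet.broadcast_address):
        problems.append(f"{ip} is the network or broadcast address")
    # The host and the gateway already own their addresses on this segment.
    taken = {host.ip, gw} | {ipaddress.ip_address(a) for a in in_use}
    if ip in taken:
        problems.append(f"{ip} is already used on the LAN")
    return subnet, problems


def docker_commands(host_cidr, gateway, container_ip, parent="br0",
                    name="br0-docker", image="IMAGE", in_use=()):
    """Build the two commands from the post, or raise if the plan is invalid."""
    subnet, problems = plan_macvlan(host_cidr, gateway, container_ip, in_use)
    if problems:
        raise ValueError("; ".join(problems))
    return [
        f"docker network create --driver macvlan --subnet {subnet} "
        f"--gateway {gateway} -o parent={parent} {name}",
        f"docker run --net={name} --ip={container_ip} {image}",
    ]


if __name__ == "__main__":
    # Constructed sample values matching the addresses used in the post.
    for cmd in docker_commands("192.168.1.23/24", "192.168.1.1", "192.168.1.123"):
        print(cmd)
```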