This post is more a reminder for myself than anything else ;)

I’m running a few docker containers on a macvlan network so that they can be assigned IP addresses in my main address space.

One of the drawbacks of using macvlan is that the container can’t contact the host, and vice versa. This is annoying when the container in question is part of your DNS infrastructure.

Luckily, a solution exists: creating another macvlan interface on the host, and using that to access those containers. This blog post by Lars Kellogg-Stedman nicely summarizes how to do this. You also need to set up the right routes to make this magic work.

I use as the range where I run my macvlan containers. is reserved for the macvlan interface. My DNS container runs in the non-reserved space, though, on IP address

For my own reference, to add this to /etc/network/interfaces, use the following syntax, adapting it to the right subnet and interface:

```
iface eth0 inet static

    post-up ip link add macvlan-lan link eth0 type macvlan mode bridge
    post-up ip addr add dev macvlan-lan
    post-up ip link set macvlan-lan up
    post-up ip route add dev macvlan-lan
    post-up ip route add dev macvlan-lan
```

or, in Network Manager speak (for another server I have):

```
nmcli con add con-name macvlan-lan type macvlan ifname macvlan-lan ip4 dev eth0 mode bridge
nmcli con mod macvlan-lan +ipv4.routes ""
nmcli con mod macvlan-lan +ipv4.routes ""
```
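
As an added example (not code from the original post), this Python helper builds the `post-up` commands shown above from a shim address and the container ranges or addresses to reach, rejects targets outside the LAN subnet, and drops routes already covered by a wider one. The `192.0.2.0/24` addresses are constructed sample values, `shim_commands` is a hypothetical name, and the `/32` on the shim address is an assumption.

```python
import ipaddress


def shim_commands(parent_if, shim_if, shim_addr, routed, lan_subnet):
    """Build the `ip` commands for a host-side macvlan shim interface.

    shim_addr  -- address reserved for the shim interface
    routed     -- container ranges or single addresses to reach through the shim
    lan_subnet -- subnet of the parent interface, used only for validation
    """
    lan = ipaddress.ip_network(lan_subnet)
    shim = ipaddress.ip_address(shim_addr)
    if shim not in lan:
        raise ValueError(f"shim address {shim} is outside {lan}")

    # ip_network() rejects entries with host bits set, e.g. 192.0.2.200/27.
    targets = [ipaddress.ip_network(r) for r in routed]
    for net in targets:
        if not net.subnet_of(lan):
            raise ValueError(f"route target {net} is outside {lan}")

    cmds = [
        f"ip link add {shim_if} link {parent_if} type macvlan mode bridge",
        f"ip addr add {shim}/32 dev {shim_if}",  # /32 is an assumption
        f"ip link set {shim_if} up",
    ]
    # collapse_addresses() merges overlapping entries, so a container that
    # already sits inside a routed range does not get a redundant /32 route.
    for net in ipaddress.collapse_addresses(targets):
        cmds.append(f"ip route add {net} dev {shim_if}")
    return cmds


if __name__ == "__main__":
    # Constructed sample values (RFC 5737 documentation range), not the post's.
    for cmd in shim_commands(
        "eth0", "macvlan-lan", "192.0.2.223",
        ["192.0.2.192/27", "192.0.2.53", "192.0.2.200"],
        "192.0.2.0/24",
    ):
        print("post-up " + cmd)  # prefix used in /etc/network/interfaces
```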