This post is more a reminder for myself than anything else ;)
One of the drawbacks of using macvlan is that the container can’t contact the host, and vice versa. This is annoying when the container in question is part of your DNS infrastructure.
Luckily, a solution exists: create another macvlan interface on the host and use that to reach those containers. This blog post by Lars Kellogg-Stedman nicely summarizes how to do this. You also need to set up the right routes to make this magic work. My setup:
- 192.168.1.192/26 is the range where I run my macvlan containers.
- 192.168.1.254 is reserved for the host's macvlan interface.
My DNS container runs in the non-reserved space, though, on IP address
For my own reference, to add this to /etc/network/interfaces use the following syntax, adapting it to the right subnet and interface:
iface eth0 inet static
    address 192.168.1.13
    netmask 255.255.255.0
    gateway 192.168.1.1
    post-up ip link add macvlan-lan link eth0 type macvlan mode bridge
    post-up ip addr add 192.168.1.254/32 dev macvlan-lan
    post-up ip link set macvlan-lan up
    post-up ip route add 192.168.1.2/32 dev macvlan-lan
    post-up ip route add 192.168.1.192/26 dev macvlan-lan
or, in Network Manager speak (for another server I have):
nmcli con add con-name macvlan-lan type macvlan ifname macvlan-lan ip4 192.168.1.253/32 dev eth0 mode bridge
nmcli con mod macvlan-lan +ipv4.routes "192.168.1.3/32"
nmcli con mod macvlan-lan +ipv4.routes "192.168.1.192/26"
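The two snippets above encode one rule: everything in the macvlan range is reached through the host-side macvlan interface, and any container that lives outside that range (like the DNS container) needs its own /32 route, otherwise the host sends that traffic out the parent interface, which a macvlan parent does not hairpin back to its children. The POSIX sh script below is an added example, not code from the original post or from Lars Kellogg-Stedman's write-up: it checks which addresses fall inside the range and prints the ip(8) commands that the post's post-up lines run. The interface name macvlan-lan, the parent eth0 and the addresses are the post's; the helper names (ip4_to_int, in_cidr, macvlan_plan) are my own.

```sh
#!/bin/sh
# Added example (not from the original post): sanity-check the macvlan
# addressing scheme and emit the ip(8) commands for the host-side interface.
# Running it only prints commands; apply them as root once reviewed.

# ip4_to_int 192.168.1.254 -> 3232236030 (dotted quad as a 32-bit integer)
ip4_to_int() {
    echo "$1" | {
        IFS=. read -r a b c d
        echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
    }
}

# in_cidr IP CIDR: succeed (exit 0) if IP lies inside CIDR, else exit 1
in_cidr() {
    ip=$(ip4_to_int "$1")
    net=$(ip4_to_int "${2%/*}")
    bits=${2#*/}
    # Build the netmask from the prefix length; the & keeps it to 32 bits
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# macvlan_plan PARENT IFNAME HOST_IP RANGE [CONTAINER_IP ...]
# Prints the commands the post runs from post-up.  Containers inside RANGE
# are covered by the RANGE route; every container outside it gets a /32.
macvlan_plan() {
    parent=$1; ifname=$2; host_ip=$3; range=$4; shift 4
    # The post reserves the host address inside the container range; warn
    # (on stderr, so the command list stays clean) if that is not the case.
    in_cidr "$host_ip" "$range" ||
        echo "warning: $host_ip is outside $range" >&2
    echo "ip link add $ifname link $parent type macvlan mode bridge"
    echo "ip addr add $host_ip/32 dev $ifname"
    echo "ip link set $ifname up"
    echo "ip route add $range dev $ifname"
    for c in "$@"; do
        if [ "$c" = "$host_ip" ]; then
            echo "error: container $c collides with host address" >&2
            return 1
        fi
        # Only addresses outside the range need their own host route
        in_cidr "$c" "$range" || echo "ip route add $c/32 dev $ifname"
    done
}

# Usage with the post's values: host macvlan 192.168.1.254 inside
# 192.168.1.192/26, DNS container 192.168.1.2 outside it.
if [ "${1:-}" = "run" ]; then
    macvlan_plan eth0 macvlan-lan 192.168.1.254 192.168.1.192/26 192.168.1.2
fi
```

`sh macvlan-plan.sh run` prints the same link, address and route commands as the /etc/network/interfaces stanza above, with a /32 route for 192.168.1.2 only because that address is outside 192.168.1.192/26. After applying them, `ip route get 192.168.1.2` should report `dev macvlan-lan`; if it still reports the parent interface, the /32 route is missing and host-to-container DNS traffic will not arrive.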