Does OpenWrt have "special support" for macvlan container and host communication?

I set a "macvlan" network to a Docker container. Everything is working except that the host PC cannot connect to the container and vice versa. Searching Google, I have found this page saying:

the container will not be able to connect to your host (and your host will not be able to connect to your container). This is a limitation of macvlan interfaces: without special support from a network switch, your host is unable to send packets to its own macvlan interfaces.

I wonder if OpenWrt has that "special support", whatever that is, because OpenWrt is sort of for people who would use Docker. If it does, how do I enable it?

No special support is needed. Please create a new macvlan interface and leave it on the host side. Netifd has some support for it to be created through UCI, but unfortunately not through LuCI. The config fragment looked like this in OpenWrt 21.02 and before:

config device 'veth5'
    option name 'veth5'
    option type 'macvlan'
    option ifname 'eth1'

I don't know if it works with 22.03.

Then reboot the router and assign some IP, with the /32 netmask, to the new interface. Containers will be able to communicate with this IP.

EDIT: the above assumes that you are running Docker on OpenWrt. If not, the principle stays the same: add a new macvlan port through whatever means appropriate to your host, and assign an IP address to it.

Furthermore, what Google refers to is called "hairpin mode". Netifd apparently has support for it (at least it contains the string "hairpin"), but I don't know how to configure it. An extra macvlan port is easy enough and definitely works on non-OpenWrt hosts :)

EDIT 2: The hairpin mode is not exposed explicitly, but is enabled if you enable multicast-to-unicast translation on the bridge port. This is relevant if you have Docker on a host other than OpenWrt, and don't want to try the (easier) solution with an extra macvlan interface.
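
For a Docker host that is not OpenWrt, the extra host-side macvlan interface described in the answer above can be created with iproute2. This is an added example, not part of the original posts: the shim name, addresses and container range are constructed placeholders, `mode bridge` assumes Docker's default macvlan mode, and the final route for the container range is an assumption added so that host-originated traffic leaves through the shim.

```shell
#!/bin/sh
# Added example (not from the thread). eth1 comes from the post's config;
# docker-shim and all addresses are constructed placeholders.

# Succeeds only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the iproute2 commands for a host-side shim on the containers' parent NIC.
shim_commands() {
    parent=$1 shim=$2 host_ip=$3 container_net=$4
    # Accept only plain interface names; Linux caps them at 15 characters.
    for name in "$parent" "$shim"; do
        case $name in ''|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 1 ;; esac
    done
    [ ${#shim} -le 15 ] || { echo "shim name exceeds 15 characters" >&2; return 1; }
    # The host address is always installed as /32, so it must arrive bare.
    case $host_ip in */*) echo "host_ip must not carry a prefix" >&2; return 1 ;; esac
    { valid_ipv4 "$host_ip" && valid_ipv4 "$container_net"; } ||
        { echo "invalid IPv4 value" >&2; return 1; }
    cat <<EOF
ip link add $shim link $parent type macvlan mode bridge
ip addr add $host_ip/32 dev $shim
ip link set $shim up
ip route add $container_net dev $shim
EOF
}

# Changes the system only when run as root with --apply; otherwise defines functions.
if [ "${1:-}" = "--apply" ]; then
    shim_commands eth1 docker-shim 192.168.1.250 192.168.1.192/27 | sh -ex
fi
```

The shim ends the host/container isolation that macvlan otherwise gives, so host firewall rules should cover the shim interface as well as the parent NIC.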
