No Internet from Docker container (ipvlan)

Installing and Using OpenWrt Network and Wireless Configuration
1

Hi All, before start, please consider my current (super complex :slight_smile: ) topology

ISP Router <---WAN (eth2)---> OpenWRT router <---LAN (eth1)---> My Computer
  1. I have a virtual interface "br-lan" that contains eth0 and eth1
  2. My WAN network is 192.168.100.0/255.255.255.0, GW 192.168.100.1
  3. My LAN network is 172.16.0.0/255.255.255.0 GW 172.16.0.1
  4. My Computer has the IP address 172.16.0.10

I have Docker support and I have created the following ipvlan networks:

# inner refers to the 172.16.0.0 network
docker network create -d ipvlan --subnet 172.16.0.0/24 --gateway 172.16.0.1 -o parent=br-lan inner

# outer refers to the 192.168.100.0 network
docker network create -d ipvlan --subnet 192.168.100.0/24 --gateway 192.168.100.1 -o parent=eth2 outer

I'm using ipvlan as I don't want to deal with promisc if go with macvlan
Then I'm starting a container as follow:

docker run -it --rm --network inner --ip 172.16.0.4 --name cartman busybox

Inside the container, if I run ip a I can see my ip address as expected

inet 172.16.0.4/24 brd 172.16.0.255 scope global eth0

I can emit/send packages to the internet but it seems that I can't receive anything and I don't understand it, for example

The following works as expected

/ # nslookup www.google.com
Server:		127.0.0.11
Address:	127.0.0.11:53

Non-authoritative answer:
Name:	www.google.com
Address: 2800:3f0:4003:c03::67
Name:	www.google.com
Address: 2800:3f0:4003:c03::63
Name:	www.google.com
Address: 2800:3f0:4003:c03::68
Name:	www.google.com
Address: 2800:3f0:4003:c03::69

Non-authoritative answer:
Name:	www.google.com
Address: 142.250.0.105
Name:	www.google.com
Address: 142.250.0.106
Name:	www.google.com
Address: 142.250.0.99
Name:	www.google.com
Address: 142.250.0.147
Name:	www.google.com
Address: 142.250.0.103
Name:	www.google.com
Address: 142.250.0.104

/ # ping 172.16.0.10
PING 172.16.0.10 (172.16.0.10): 56 data bytes
64 bytes from 172.16.0.10: seq=0 ttl=64 time=1.476 ms
64 bytes from 172.16.0.10: seq=1 ttl=64 time=0.906 ms
^C
--- 172.16.0.10 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.906/1.191/1.476 ms

However, the following does not work

/ # ping www.google.com
PING www.google.com (142.250.0.104): 56 data bytes
< some time later when I press CTRL C >
--- www.google.com ping statistics ---
50 packets transmitted, 0 packets received, 100% packet loss

/ # wget www.google.com
Connecting to www.google.com (64.233.186.104:80)
wget: can't connect to remote host (64.233.186.104): No route to host

On Network -> Interfaces I have checked the box for masquerading in the lan zone to test but is the same thing

Any ideas?