Docker (macvlan) and LibreELEC on RPi4

  • Hello,

    I have super strange issue related to that, I cannot allow the communication between docker host (RPi4/LibreELEC) and the containers. I'm using macvlan interfaces, because I intend to run tvheadend as docker container, and because of multicast I know this should be running as macvlan interface on the network.


    So let's go back to the issue, what I have till now..
    Docker is already installed, up and running, here I have two containers, the first one is portainer, but it is connected to default network of docker, and the second one is simple linux appliance connected to macvlan network,


    Code
    Kodi:~ # docker ps -a
    CONTAINER ID        IMAGE                   COMMAND                  CREATED             STATUS              PORTS                                         NAMES
    92e2f31075f9        treehouses/php-apache   "docker-php-entrypoi…"   About an hour ago   Up About an hour                                                  tvgo.home.lan
    d2f942d56e92        portainer/portainer     "/portainer --ssl --…"   About an hour ago   Up About an hour    0.0.0.0:80->8000/tcp, 0.0.0.0:443->9000/tcp   portainer.home.lan
    Kodi:~ #



    Code
    Kodi:~ # docker network list
    NETWORK ID          NAME                DRIVER              SCOPE
    3542aa40e26a        bridge              bridge              local
    406d6d8a43aa        host                host                local
    76a7e1c010c9        lsio                bridge              local
    f898c4c0c3e1        none                null                local
    ef1db953a73d        vlan6               macvlan             local
    Kodi:~ #



    Here I have this one,


    Code
    /usr/sbin/ip link add macvlan link eth0 type macvlan mode bridge
    /usr/sbin/ip addr add 192.168.40.3/32 dev macvlan
    /usr/sbin/ip link set macvlan up
    /usr/sbin/ip route add 192.168.40.5/32 dev macvlan
    /usr/sbin/ip route add 192.168.40.6/32 dev macvlan


    I used this guide to create this configuration:


    Using Docker macvlan networks · The Odd Bit


    And this works on my lab environment, but when I try to replicate it on RPi4/LibreELEC, it simply doesn't' work


    Code
    Kodi:~ # ping 192.168.40.6
    PING 192.168.40.6 (192.168.40.6): 56 data bytes
    ^C
    --- 192.168.40.6 ping statistics ---
    5 packets transmitted, 0 packets received, 100% packet loss
    Kodi:~ #


    If I try to ping the same address from different host on my network, it works...



    So please tell me, what I'm missing..

    Thanks a lot!


    Aa, maybe I forgot to show you the IP address and routing information of RPi box,



    So I expect I'm able to learn the MAC address from macvlan interface for 192.168.40.6, unfortunately I can't


    Code
    Kodi:~ # arp -a
    ? (192.168.40.5) at 52:44:54:ba:46:15 [ether]  on eth0
    ? (192.168.40.1) at 00:22:bd:38:b4:c5 [ether]  on macvlan
    ? (172.18.0.2) at 02:42:ac:12:00:02 [ether]  on br-76a7e1c010c9
    ? (192.168.40.6) at <incomplete>  on eth0
    ? (172.17.0.2) at 02:42:ac:11:00:02 [ether]  on docker0
    ? (192.168.40.6) at <incomplete>  on macvlan
    ? (192.168.40.1) at 00:22:bd:38:b4:c5 [ether]  on eth0
    Kodi:~ #
  • That's a well documented security feature of macvlan. It blocks connections between host and containers. And that is the reason we (linuxserver.io) don't recommend it unless absolutely necessary.


    For tvheadend multicast, use host networking instead

  • That's a well documented security feature of macvlan. It blocks connections between host and containers. And that is the reason we (linuxserver.io) don't recommend it unless absolutely necessary.


    For tvheadend multicast, use host networking instead


    Hey thanks for your replay, yeah I know about this security feature, but as you see, I need to do an exception here.

    The question is why it isn't working, no matter I tried to allow the communication following this guide: Using Docker macvlan networks · The Odd Bit