Containers sharing the same network as the host device

swagwolf32
Member
61
02-25-2025, 05:03 AM
#1
I manage Docker containers inside a VM in my local network. Traffic from my homelab isn’t allowed to reach management networks like pfSense or UniFi. I need one container to check uptime on management devices using Uptime Kuma. I’m new to Docker and wonder if I should use MACVLAN or IPVLAN for this. From what I understand, MACVLAN gives the container its own MAC address while sharing the host’s IP, whereas IPVLAN assigns a unique IP to each container. This would let me target only the specific IP needed. Regarding security, using IPVLAN helps isolate traffic and reduces exposure, but MACVLAN could still be risky if not managed carefully. I’m unsure about firewall rules and subnet restrictions, so I should focus on the network layer.

jordi1218
Member
105
03-01-2025, 10:32 PM
#2
macvlan gives each device a distinct MAC address and an IP address.
ipvlan provides a unique IP to every device but shares the same MAC as its parent, which can cause problems with DHCP and IPv6 assignments across multiple devices.
macvlan may impact Wi-Fi performance or even interfere with network operations due to port limitations on NICs and switches.
Some network cards and switches have restrictions on how many MAC addresses a port can support, so heavy traffic through one port might slow things down.
I believe macvlan is more suitable here, assuming you’re not connecting that many devices to a single port.
Regarding wireless security, it’s good to verify your firewall settings with the VM software—ensure filtering rules are correctly configured.

xFyUZx
Member
158
03-06-2025, 07:56 AM
#3
Thanks for the clear setup. I’m using Proxmox as my hypervisor, Ubuntu as the Docker host, pfSense for security, and UniFi for networking. I’m considering testing macvlan to understand its impact. I’m still learning about network layers and firewall behavior, plus how multiple MAC addresses and IPs on a single port affect routing.
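
A Docker Compose sketch of the macvlan option discussed in this thread, added as an example and not posted by any participant: it gives the Uptime Kuma container one fixed address, so a firewall rule can allow that single source toward the management network. The parent interface `eth0`, the `192.168.10.0/24` subnet, every address, and the network and volume names are assumptions to replace with your own values.

```yaml
# Added example with constructed values; nothing here comes from the thread.
services:
  uptime-kuma:
    image: louislam/uptime-kuma:1
    restart: unless-stopped
    volumes:
      - kuma-data:/app/data          # persistent monitor configuration and history
    networks:
      mgmt_probe:
        # Assumed fixed address. This is the only source IP the firewall
        # needs to allow toward the management devices being monitored.
        ipv4_address: 192.168.10.250

networks:
  mgmt_probe:
    # macvlan: the container gets its own MAC and IP on the parent's segment.
    # To compare with ipvlan, change the driver to "ipvlan"; the container
    # then shares the parent's MAC and keeps its own IP.
    driver: macvlan
    driver_opts:
      parent: eth0                   # assumed NIC name on the Docker host VM
    ipam:
      config:
        - subnet: 192.168.10.0/24    # assumed homelab subnet
          gateway: 192.168.10.1      # assumed router address on that subnet
          # Small slice reserved for containers; keep it outside the DHCP
          # pool so the static address cannot collide with a lease.
          ip_range: 192.168.10.248/29

volumes:
  kuma-data:
```

With macvlan the Docker host itself cannot reach the container through the parent interface, so open the Uptime Kuma UI (port 3001) from another machine on the subnet.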