I use Synology NAS to host some of my internal home websites. For a while I had had using reverse proxy from Synology NAS but was soon hitting limitations. I wanted to have a new IP have a dedicate IP with full control so I could use Traefik and Tailscale to the full potentialy.
|Router DHCP IP Range||192.168.11-192.168.1.119|
|Macvlan reserved IP||192.168.1.200-192.168.1.207|
|Synology NAS IP assigned by router||192.168.1.10|
|Synology NAS IP when accessing from docker using macvlan network||192.168.1.206|
Update DHCP server allocation and reserve IP address
First you need to decide on a subnet IP address to reserve for Docker such that it doesn't conflict with others. I updated my router configuration to only allocate DHCP from
192.168.1.11-192.168.1.199. This allows me to reserve
192.168.1.200/29 in CIDR notation) for Docker containers. You can use this tool to calculate the subnet.
Create macvlan docker network
I then use the above configuration to create a macvlan docker network named
Due to isolation of container and host in macvlan, we use 192.168.1.206 as the NAS IP instead of the original NAS when communcating from docker containers to NAS when using macvlan.
To find parent network use
sudo ip link show.
sudo docker network create -d macvlan \ --subnet=192.168.1.0/24 \ --gateway=192.168.1.1 \ --ip-range=192.168.1.200/29 \ --aux-address 'host=192.168.1.206' \ -o parent=ovs_eth0 macvlan0
Create macvlan network
Create a macvlan network named
sudo ip link add macvlan0 link ovs_eth0 type macvlan mode bridge
Attach link to the NAS.
sudo ip addr add 192.168.1.206/32 dev macvlan0
Startup the macvlan
sudo ip link set macvlan0 up
Route packet address to IP address to the new link
sudo ip route add 192.168.1.200/29 dev macvlan0
Testing Macvlan IP
Now that we have setup the macvlan network we will create a sample nginx docker container to test the IP. We will manually assign
192.168.1.201 to this docker container. Navigating to the IP should show the nginx page.
sudo docker run --net=macvlan0 -dit --name nginx-test-01 --ip=192.168.1.201 nginx:alpine nginx-debug -g 'daemon off;'
Configurating macvlan on every reboot
Once you have verified, you can add a startup task via
Control Pannel>Task Schedule so it persist during every reboot.
ip link add macvlan0 link ovs_eth0 type macvlan mode bridge ip addr add 192.168.1.206/32 dev macvlan0 ip link set macvlan0 up ip route add 192.168.1.200/29 dev
Configurating OPNSense Router to access macvlan network in tailnet
Due to limitations in Synology NAS I wasn't able to get tailnet working on the macvlan IP. I installed tailscale on my OPNSense router and then ran the following command to expose the macvlan IP so I can access via Tailscale. You can then use
192.168.1.201 IP to access the above nginx docker image from tailnet instead of using tailscale IP.
sudo service tailscaled enable sudo service tailscaled start sudo tailscale up --advertise-routes=192.168.1.200/29 --advertise-exit-node --accept-routes=true