Docker with macvlan networking on Synology DSM6+

To me, to you

Following on from my other story about DDNS and TLS with Cloudflare, I now want to extend the services on my Synology NAS to include Pihole, DNSCrypt, others; ideally using Docker, rather than some of the SynoCommunity images. This additionally gives me the flexibility of extending networking for dedicated IP addresses, so I don’t have to worry about exposing ports on the host, which is difficult enough with LetsEncrypt certificate renewals as it is.

Installing Docker is relatively straight forward — no doubt you’ve done this already. My main issue when creating my first Docker services was understanding which physical interface use as parent for my Docker_macvlan switch. So, let’s run through the basics first.

Host Networking

SSH to your Syno Nas and run the following command:

$ ip link show

You’ll be surprised to learn, this displays all the IP links on your NAS. If, like me, you’ve made changes and tweaks over the years and forgotten all about them, you’ll see interfaces and configurations that will spark memories of happier times. Here’s my current output below:

delicious console output
  1. (1) loopback
  2. (2) sit0 for ipv6 — ipv4 tunneling
  3. (3–6) my physical NICs
  4. (7–15) my Virtual switch LAN ports
  5. 35, 51, 85 docker, macvlan and a vpn connection

What’s important here, is that when you create a macvlan switch, you need to understand *which* physical adapter to connect it to. In my case, when I run

ip link add macvlan0 link eth0 type macvlan mode bridge

This fails. Why? Because I also have Synology Virtual Machine manager installed, and within *its* networking configuration, I have Virtual Network 0 attached to eth0:

delicious gui output

Follow-up question: do you have any networking bonding on your physical NICs? This will show up as bond-system, bond0, etc. and again, when you try to create a Docker macvlan, will fail unless you connect it to the right interface.

Armed with this, I can now run the following commands:

$ ip link add macvlan0 link ovs_eth0 type macvlan mode bridge
$ ip addr add dev macvlan0 # -

Which creates the interface successfully. Note, my network is I have pushed my vlan up to this range, narrowed my main networks DHCP range, to avoid IP clashes, and gives me 35 or so docker IP addresses to run my services.

Finally, I can then run docker commands to create a test network on my new switch. Again, note that this is using my physical IP configuration on my primary network for gateway and subnet:

sudo docker network create --driver=macvlan --gateway= --subnet=  —-ip-range= --opt parent=ovs_eth0 test-docker-net

and remove it again, as I’ll be creating my networks inside my docker-compose files:

sudo docker network rm test-docker-net


Check your networking! Understand your main internal network range, your main dhcp_scopes (to avoid clashes) and a quick ip link show can help you remember networking configurations you have long forgotten about, as well as avoiding frustration when copying/pasting docker code from github.




Is this bio too short? Or is it just the right length?

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

A Semi-Dive into MVC

How to root Eurostar epad 3 et1002c d12 8gb

Root LG Phone

October Development Recap Of StaFi Protocol

Which Programming Language Do I Pick for My Project?

Week 1: Raven a cloud-native API monitoring tool to monitor the health of 3rd party APIs

Gaining efficiency with iTerm Prompt customization on MacOS

Fusion 360💗Python

Top 20 Developer Tools for 2020

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Is this bio too short? Or is it just the right length?

More from Medium

OpenAPI Tools by OxygenXML

Scientific visualization in the clouds.

OpenBSD GitLab Runner Setup

Tracking Open Source Compliance in Docker Apps