Tags: docker, routes, containers, macvlan

Connecting Docker Container to Home Network


I am running some frr (free range routing) and ceos (Arista) containers on an "Ubuntu Docker Host" which is running on VirtualBox on Windows 10.

I created a macvlan network (net3) and tied it to the enp interface of Ubuntu and connected my containers to it. However, I cannot access my containers using their interfaces connected to the macvlan network. I read about some limitations about network spaces between host and containers and saw the macvlan network type as the solution to overcome those limitations. However, it did not work.

Since my container is a router with multiple interfaces, I was expecting that I could connect my new net3 network to my container. It would appear as a new interface (it did) and when I assign an IP address from my home network to this interface, my router would be able to communicate to the outside directly using this interface's IP address and bypass any sort of firewalling, NAT etc.

I know that we can use bridge networks connected to the default docker0 network, which will then NAT outgoing connections from the container and accept incoming connections if we publish a port etc. However, what I want is to have a container with 2 interfaces, where one interface is in the docker0 bridge and the other one is connected to the home network with an IP address from the home network, which will expose it to the outside completely like a physical machine or my Docker host Ubuntu VM.


Solution

  • I think I found a way to make this work.

    1. Added a new bridged network.
    2. Added an iptables rule permitting traffic destined to this new bridged network in the FORWARD chain.

    What I do not understand now is that although the routing is disabled on the host, this "forward" rule has an impact on the traffic and it is actually working. I also did not need to add a rule for return traffic. Default rules added by Docker during creation of the container seem to take care of this direction.
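The two steps above, written out as an added example script that is not part of the original post, with a dry-run mode that prints each command so it can be reviewed before anything is applied. The FORWARD rule is scoped to the single container address rather than accepting all forwarded traffic, since the macvlan leg exposes that container to the home network like a physical host. Assumed values (none from the post): host NIC enp0s3, home subnet 192.168.1.0/24 with gateway 192.168.1.1, container name frr1, container address 192.168.1.50 and a host-side macvlan shim address 192.168.1.51.

```shell
#!/bin/sh
# Added example; all addresses, names and the NIC below are assumptions.
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 runs them as root.
DRY_RUN="${DRY_RUN:-1}"
PARENT_IF="${PARENT_IF:-enp0s3}"
HOME_SUBNET="${HOME_SUBNET:-192.168.1.0/24}"
HOME_GW="${HOME_GW:-192.168.1.1}"
NET_NAME="${NET_NAME:-net3}"
CONTAINER="${CONTAINER:-frr1}"
CONTAINER_IP="${CONTAINER_IP:-192.168.1.50}"
SHIM_IP="${SHIM_IP:-192.168.1.51}"

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$1"; else eval "$1"; fi
}

# Step 1: macvlan network tied to the host NIC, using the home subnet.
macvlan_create_cmd() {
    printf 'docker network create -d macvlan --subnet=%s --gateway=%s -o parent=%s %s' \
        "$HOME_SUBNET" "$HOME_GW" "$PARENT_IF" "$NET_NAME"
}

# Attach the (already running) container with a fixed home-network address,
# so it keeps its docker0 leg and gains a second interface on the macvlan.
macvlan_connect_cmd() {
    printf 'docker network connect --ip %s %s %s' "$CONTAINER_IP" "$NET_NAME" "$CONTAINER"
}

# Step 2: FORWARD rule limited to the one exposed container address.
forward_rule_cmd() {
    printf 'iptables -I FORWARD -d %s -j ACCEPT' "$CONTAINER_IP"
}

apply_all() {
    run "$(macvlan_create_cmd)"
    run "$(macvlan_connect_cmd)"
    run "$(forward_rule_cmd)"
    # Caveat: the host cannot reach a macvlan child through the parent NIC
    # itself; a macvlan shim interface on the host is the usual workaround.
    run "ip link add mac0 link $PARENT_IF type macvlan mode bridge \
&& ip addr add $SHIM_IP/32 dev mac0 && ip link set mac0 up \
&& ip route add $CONTAINER_IP dev mac0"
    # Verification: the container should show and answer on its home address.
    run "docker exec $CONTAINER ip -4 addr show"
    run "ping -c 1 $CONTAINER_IP"
}

apply_all
```

Check the printed FORWARD rule with `iptables -L FORWARD -n -v` afterwards; the inserted rule should sit above Docker's own DOCKER-USER and DOCKER-ISOLATION rules.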