larsks / blog.oddbit.com


post/2018-03-12-using-docker-macvlan-networks/ #3

Open utterances-bot opened 5 years ago

utterances-bot commented 5 years ago

Using Docker macvlan networks · The Odd Bit

A question that crops up regularly on #docker is “How do I attach a container directly to my local network?” One possible answer to that question is the macvlan network type, which lets you create “clones” of a physical interface on your host and use that to attach containers directly to your local network. For the most part it works great, but it does come with some minor caveats and limitations.

https://blog.oddbit.com/post/2018-03-12-using-docker-macvlan-networks/

patrickclery commented 3 years ago

Thanks for this! I have an existing vlan I'm using for nginx-proxy-manager, but I'm led to believe I need a second one for a different feature: routing all traffic for some (not all) applications through a VPN.

I have a Synology NAS with 2x NIC cards that are connected to a switch, then connected to the router.

192.168.1.1 # router
192.168.1.2 # First NIC
192.168.1.4 # Second NIC

My goal is to use my Asus Merlin router (192.168.1.1) to take all traffic that comes from 192.168.1.4 and pass it through the VPN. Asus merlin has a rule to match only traffic from a given source IP (192.168.1.4, in this case) and send that through the VPN running on 192.168.1.1.

When I try to set up a second macvlan to use eth1 (192.168.1.4) it is giving me the error:

sudo docker network create -d macvlan -o parent=eth1 --subnet=192.168.1.0/24 --gateway=192.168.1.1 --ip-range=192.168.1.199/32 cloaked_network
Error response from daemon: failed to allocate gateway (192.168.1.1): Address already in use
failed to allocate gateway (192.168.1.1): Address already in use

This makes sense, but how do I get around this when both NICs on the machine use the same gateway? I could be thinking about this the wrong way.

Thanks - would appreciate it if you don't mind taking a look :)

P.S. This is how the NPM macvlan (running on eth0) looks:

sudo docker network create -d macvlan --subnet=192.168.1.0/24 --gateway=192.168.1.1 --ip-range=192.168.1.198/32 npm_network
# The bridge was created with the UI but I think the command would look like this:
sudo docker network create -d macvlan -o macvlan_bridge --subnet=192.168.10.0/24 --gateway=192.168.10.1 --ip-range=192.168.10.2/32 npm_bridge

and some other info:

$ sudo docker exec nginx-proxy-manager ip addr show eth1
109: eth1@if4: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP 
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.198/24 brd 192.168.1.255 scope global eth1
       valid_lft forever preferred_lft forever
nas:~$ sudo docker exec nginx-proxy-manager ip addr show eth0
107: eth0@if108: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP 
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.2/24 brd 192.168.10.255 scope global eth0
       valid_lft forever preferred_lft forever

thunderwolf66102 commented 3 years ago

@macvlan Did you ever get ipv6 to work? ipv4 works without issue, but when I try the same on ipv6 it doesn't work.

thunderwolf66102 commented 3 years ago

^ @jdeluyck

ftruzzi commented 3 years ago

@zilexa @larsks

I have installed PiVPN (Wireguard) directly on the host. When I remotely connect to PiVPN, I can access my LAN just fine, but not those 3 docker IP addresses :(

I was able to make this work with a similar setup by setting the macvlan network interface as default gateway for the docker network:

      config:
        - subnet: 192.168.88.0/24
          gateway: 192.168.88.96

This removes aux_addresses (it would conflict otherwise) but you can exclude it from the DHCP range anyway.

Then you can create the macvlan network as you specified:

sudo ip link add mynet-shim link eno1 type macvlan mode bridge
sudo ip addr add 192.168.88.96/32 dev mynet-shim
sudo ip link set mynet-shim up
sudo ip route add 192.168.88.96/29 dev mynet-shim

Hope it can help someone!

meatalhead commented 3 years ago

Does anyone running this on a Pi know how to run the following on boot?

sudo ip link add mynet-shim link eno1 type macvlan mode bridge
sudo ip addr add 192.168.88.96/32 dev mynet-shim
sudo ip link set mynet-shim up
sudo ip route add 192.168.88.96/29 dev mynet-shim

larsks commented 3 years ago

@meatalhead you could drop that in a file and run it at boot via a systemd unit. E.g., create something like /etc/setup-mynet.sh with the content:

#!/bin/sh
ip link add mynet-shim link eno1 type macvlan mode bridge
ip addr add 192.168.88.96/32 dev mynet-shim
ip link set mynet-shim up
ip route add 192.168.88.96/29 dev mynet-shim

Then create /etc/systemd/system/setup-mynet.service like this:

[Service]
Type=simple
ExecStart=/bin/sh /etc/setup-mynet.sh

[Install]
WantedBy=multi-user.target

And then enable the service:

systemctl enable setup-mynet

ertechdesign commented 3 years ago

Thank you very much for this useful walk through. I don't know what I'm doing wrong but I can't get past the last step:

docker network create -d macvlan -o parent=eth0 \
  --subnet 192.168.1.0/24 \
  --gateway 192.168.1.230 \
  --ip-range 192.168.1.60/27 \
  --aux-address 'host=192.168.1.200' \
  mynet

ip link add mynet-shim link eth0 type macvlan  mode bridge
ip addr add 192.168.1.200/32 dev mynet-shim
ip link set mynet-shim up
ip route add 192.168.1.60/27 dev mynet-shim

ip route add 192.168.1.60/27 dev mynet-shim returns RTNETLINK answers: Invalid argument. I'm logged in as root and my device is Synology DS218+.

Sorry I'm a beginner and can't figure this out. Could someone please help?

ertechdesign commented 3 years ago

I also checked my router and My DHCP is set to 192.168.1.1 - 192.168.1.59 and no device uses 192.168.1.60 - 192.168.1.99 so this should be OK too. Not sure where to look and how to fix this...

cpedrero commented 3 years ago

Amazing explanation! Thanks

Tamadite commented 3 years ago

Very good article, especially the use of the "shim" interface. For the record: if you are running Docker in a VM be aware of enabling promiscuous mode on the LAN host interface. I found information about it here: https://nathanielho.com/docker/macvlan01.html

sohojmanush commented 3 years ago

Stops working containers are not pingable, though the interface is up in ifconfig.

mbierman commented 3 years ago

Thank you for this tutorial! I have been running several docker containers for a long time on my Synology's default eth0 interface with some others. However, I want to move one container to my eth1 interface so it is on a different VLAN. I want to run the container on 192.168.110.12 or greater.

I have done this so far:

sudo ip link add mynet-shim link eth1 type macvlan mode bridge
sudo ip addr add 192.168.110.223/32 dev mynet-shim
sudo ip link set mynet-shim up
sudo ip route add 192.168.110.192/27 dev mynet-shim

Then I did this to try to start the container.

$ sudo docker run \
>     --name=unifi \
>     --hostname=unifi \
>     --env=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \
>     --env=BASEDIR=/usr/lib/unifi \
>     --env=DATADIR=/unifi/data \
>     --env=LOGDIR=/unifi/log \
>     --env=CERTDIR=/unifi/cert \
>     --env=RUNDIR=/var/run/unifi \
>     --env=ODATADIR=/var/lib/unifi \
>     --env=OLOGDIR=/var/log/unifi \
>     --env=CERTNAME=cert.pem \
>     --env=CERT_PRIVATE_NAME=privkey.pem \
>     --env=CERT_IS_CHAIN=false \
>     --env=GOSU_VERSION="$GOSU_VERSION" \
>     --env=BIND_PRIV=false \
>     --env=RUNAS_UID0=true \
>     --env=UNIFI_GID=999 \
>     --env=UNIFI_UID=999 \
>     --volume=/volume1/docker/UniFi:/unifi:rw \
>     --volume=/unifi \
>     --volume=/var/run/unifi \
>     --network=mynet-shim \
>     --workdir=/unifi \
>     --restart=always \
>     --log-driver=db --runtime=runc --detach=true -t jacobalberty/unifi:latest unifi
207e4210780e4393da79f12e618d232377998b315dd86eadbbbf14ec9bad3486

But I got an error

docker: Error response from daemon: network mynet-shim not found.

Can anyone suggest where my error is?

omgitsheaven commented 2 years ago

I think you have to assign the docker container to "mynet" rather than mynet-shim. As from what I understand, mynet-shim is only there to facilitate the routing between the macvlans.

Banditen01 commented 2 years ago

Big applause, tx a lot working like a charm :-)

GoldbergAlexander commented 2 years ago

So, another solution I've found -- you can also bind locally running services to the docker bridge created for the macvlan.

loay317 commented 2 years ago

Hello guys, I have the same situation with a container that is created with macvlan. I fixed it by modifying the forged transmit and promiscuity options for the docker host (VM on ESX) to accept instead of reject, without needing to create a new macvlan interface on the host

docker network create -d macvlan -o parent=ens192 --subnet 10.160.180.0/24 --gateway 10.160.180.1 --ip-range 10.160.180.192/27 mynet

then run docker run

rooty0 commented 2 years ago

the other solution mentioned by GoldbergAlexander

version: "3"

services:
  macvlan_1:
    image: alpine
    container_name: macvlan_1
    command: ....
    restart: always
    networks:
      macvlan:
        ipv4_address: 172.18.1.0
      internalbr:
        ipv4_address: 10.123.0.2

networks:
  macvlan:
    driver: macvlan
    driver_opts:
      parent: ens192
      macvlan_mode: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.18.0.0/22
          gateway: 172.18.0.1
          ip_range: 172.18.1.0/28

  internalbr:
    driver: bridge
    ipam:
      config:
        - subnet: 10.123.0.0/24

taken from here: https://stackoverflow.com/a/67835834/5149087

rooty0 commented 2 years ago

Hey guys, one more thing. If you use Busybox, read this message. I spent like a whole day trying to figure out why this was not working for me and double-checked everything many times. I found the root cause: it's Busybox. It looks like when you use the "ip" command from Busybox, it behaves differently, tho it's not throwing any error, so it seems like it works. When you are using Busybox to create a new macvlan interface with ip link add mvesc link eth0 type macvlan mode bridge, it's actually creating the interface in VEPA mode, not Bridge, and again as I said, it's not throwing any error. The solution is quite easy: just download the ip tool binary and use it instead of the Busybox built-in ip.

Here's what I get when I use Busybox

41: mvesc@eth0: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 7e:f6:7e:43:c6:0b brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 9000
    macvlan mode vepa addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535

and here's what I get when I use original ip binary

40: mvesc@eth0: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f0:cd:d0:2f:30 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 9000
    macvlan mode bridge addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535

and again, it's the same command ip link add mvesc link eth0 type macvlan mode bridge produces different result
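
A post-creation check for the failure mode described in the comment above, as an added example (not part of the thread or of the blog's code). It parses `ip -d link show` output and fails when the interface is not in the requested macvlan mode; in VEPA mode, traffic between the host shim and the containers has to hairpin through the external switch, so a silent fallback breaks host-to-container access. The function names are made up for this illustration, the two samples are copied from the outputs quoted in the comment, and the live usage in the trailing comment assumes an iproute2 `ip` that supports `-d`.

```sh
#!/bin/sh
# Added example: verify that a macvlan interface really came up in the mode
# that was requested, instead of trusting the exit status of `ip link add`.

# Read `ip -d link show` output on stdin and print the macvlan mode
# (private, vepa, bridge, passthru, source). Prints nothing if absent.
macvlan_mode_from_details() {
    sed -n 's/^.*macvlan mode \([a-z]*\).*$/\1/p' | head -n 1
}

# Usage: ip -d link show dev IFACE | check_macvlan_mode WANTED
# Returns 0 on match, 1 on mismatch, 2 if the input is not a macvlan link.
check_macvlan_mode() {
    want=$1
    got=$(macvlan_mode_from_details)
    if [ -z "$got" ]; then
        echo "no 'macvlan mode' field found in input" >&2
        return 2
    fi
    if [ "$got" != "$want" ]; then
        echo "macvlan mode is '$got', expected '$want'" >&2
        return 1
    fi
    return 0
}

# Sample inputs taken from the two outputs quoted in the comment above.
SAMPLE_BUSYBOX='41: mvesc@eth0: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 7e:f6:7e:43:c6:0b brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 9000
    macvlan mode vepa addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535'

SAMPLE_IPROUTE2='40: mvesc@eth0: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f0:cd:d0:2f:30 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 9000
    macvlan mode bridge addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535'

# Demo on the embedded samples.
printf '%s\n' "$SAMPLE_IPROUTE2" | check_macvlan_mode bridge && echo "iproute2 sample: bridge mode confirmed"
printf '%s\n' "$SAMPLE_BUSYBOX" | check_macvlan_mode bridge || echo "busybox sample: NOT in bridge mode"

# Live usage after creating the shim (assumes iproute2 `ip`):
#   ip -d link show dev mvesc | check_macvlan_mode bridge || exit 1
```
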

Eirikr70 commented 2 years ago

I don't think that the solution proposed by GoldbergAlexander addresses the same point: it permits a bridge with containers, but not with the host unfortunately.

GoldbergAlexander commented 2 years ago

@Eirikr70 I think you could flow traffic from the network IP of the container to the hosts network IP?

karoltheguy commented 1 year ago

For those wondering how to gain persistence after reboots, simply add the last 4 commands into /etc/network/interfaces with "post-up" before each of them. Like this:

post-up ip link add mynet-shim link eno1 type macvlan mode bridge
post-up ip addr add 192.168.1.223/32 dev mynet-shim
post-up ip link set mynet-shim up
post-up ip route add 192.168.1.192/27 dev mynet-shim

Edit: This is working for Debian 11

larsks commented 1 year ago

@k-rol The reason I didn't address this in the post is because the solution varies between distributions. The solution you've posted will work in older Debian-based distributions (principally, Debian and Ubuntu), but won't work under Fedora, CentOS, Arch, etc. Older versions of CentOS require different solutions than newer versions of CentOS, and newer versions of Ubuntu have moved away from /etc/network/interfaces in favor of Netplan.

tl;dr: The solution required to set up a persistent network configuration depends on the distribution and distribution version that you're using, and no single solution will cover everybody.

karoltheguy commented 1 year ago

@larsks Thanks for the clarification, I've edited my comment.

rockxsj commented 1 year ago

@v-marinkov Hi, can you share your config with me?

georgee1030 commented 1 year ago

Thanks for this. I came over after seeing your post in the synology article.

Question, do you know how the docker commands intersect with the docker network settings in Synology? It looks like Synology is doing some of the work itself, but I'm not sure which part.

larsks commented 1 year ago

@georgee1030 I'm not entirely sure what you're asking. For the record, while I am running Docker on my Synology I am not using macvlan networks there...I haven't tried out that particular configuration. That said, my experience with Docker in that environment is that things work pretty much just like any other Linux environment.

georgee1030 commented 1 year ago

@larsks Thanks for replying. Without understanding the details I was trying to correlate what I was seeing in the Synology docker UI wrt to networking and reconcile it with what I was seeing at the linux level.

Ultimately, I was also able to avoid using macvlans on the synology.

I was worried because I was setting up a docker NGINX reverse proxy on synology to do API translation and forward the requests to Home Assistant running on the same synology box but in a VM. Fortunately, now that I've got it all installed and running properly, it seems that routing between docker images and the VM seems to work without me having to do anything specific.

ctshiteya commented 1 year ago

Thank you very much for this tutorial. Please, help me understand why the broadcast IP address ( --aux-address 'host=192.168.1.223' ) is being assigned to the host. The last usable address in the 192.168.1.192/27 subnet is 222. Thanks in advance for your help.

firestrife23 commented 1 year ago

Using Ubuntu's netplan, we can make it persistent. The below is an IP address range example for the numbers 192.168.1.96 through 192.168.1.127, also known as the 192.168.1.96/27 network.

Additional Notes:

/etc/netplan/01-netcfg.yaml

network:
  version: 2
  renderer: NetworkManager
  ethernets:
    # Set Static IP 192.168.1.10, and disabled DHCP for ipv4 and ipv6.
    eno1:
      dhcp4: no
      addresses:
        - 192.168.1.10/24
      gateway4: 192.168.1.1
      nameservers:
        addresses: [127.0.0.1, 1.1.1.1]
      dhcp6: no
  bridges:
    mynet-shim:
      interfaces: [eno1]
      addresses: [192.168.1.127/32]
      routes:
        - to: 192.168.1.96/27
          via: 192.168.1.127
  vlans:
    mynet-shim-macvlan:
      link: mynet-shim
      macvlan:
        mode: bridge

The preceding achieves the same results with ip commands:

ip link add mynet-shim link eno1 type macvlan mode bridge
ip addr add 192.168.1.127/32 dev mynet-shim
ip link set mynet-shim up
ip route add 192.168.1.96/27 dev mynet-shim

phyesix commented 1 year ago

Thanks for the great article. It worked for me but it only allows access from host -> container, and not the other way around. Any ideas on why that might be?

@ztsmith @Matt-CyberGuy @meliwex Do you find any solution for this? I am currently struggling with the same problem. If there is a solution, could you please share a sample code block here?

Francis-perso commented 1 year ago

Hi,

first, thanks A LOT for this workaround. If my host is 192.168.0.10, and my container on a macvlan-docker is 192.168.0.12, I found that assigning an IP to the bridge isn't necessary to work. Am I missing something ?

ip link add mynet-shim link enp0s3 type macvlan mode bridge
ip link set mynet-shim up
ip route add 192.168.0.12/32 dev mynet-shim

ping is working both ways with that.

jgstroud commented 1 year ago

Thank you for this great, very clear writeup. For those using a desktop distro with NetworkManager, the following command will accomplish the same result but will persist across boots

nmcli conn add type macvlan dev eno1 mode bridge ifname mynet-shim tap no ip4 192.168.1.223/27

jgstroud commented 1 year ago

As Francis-perso accurately pointed out, you do not need an IP assigned to the interface, only the route. Here is the NetworkManager command to do the same without assigning an IP

nmcli conn add type macvlan dev eno1 mode bridge ifname mynet-shim tap no ipv4.method disabled +ipv4.routes "192.168.1.192/27"

dieterlind commented 10 months ago

Hi! I can't make it work. My setup: -Synology NAS with Container Manager

Any ideas??

Thanks!

CamFlyerCH commented 10 months ago

I am at exactly the same point as @dieterlind above with my wg-easy container on my Synology NAS ! The macvlan bridge functions from host to container, but not from container to host.

keitetran commented 10 months ago

Same error with Synology docker. I get connection timeout error.

keitetran commented 10 months ago

Hi, I got it working on Synology

bridge – 192.168.50.4
Host – 192.168.50.12
AdGuard Home – 192.168.50.2
Traefik – 192.168.50.3
dmz_net – Name of the link

ip link add dmz_net link bond0 type macvlan mode bridge
ip addr add 192.168.50.4/24 dev dmz_net
ip link set dmz_net up
ip route add 192.168.50.2 dev dmz_net
ip route add 192.168.50.3 dev dmz_net

We need to add it to a task with root user on boot trigger.

kuduacz commented 9 months ago

Can you tell me how it should look if I want some other IPs for containers? I mean for example 173.0.0.2?

larsks commented 9 months ago

@kuduacz you would in theory just follow the instructions in this post and comments, but substitute your addresses for the 192.168.1.* addresses shown here. If after trying that you run into problems, feel free to ask here with the details of your configuration.

I'd like to emphasize that in most cases, it makes much more sense to use port publishing rather than using a macvlan network.

kuduacz commented 9 months ago

> @kuduacz you would in theory just follow the instructions in this post and comments, but substitute your addresses for the 192.168.1.* addresses shown here. If after trying that you run into problems, feel free to ask here with the details of your configuration.
>
> I'd like to emphasize that in most cases, it makes much more sense to use port publishing rather than using a macvlan network.

I'd like to attach a specific IP to reach containers. Need to control them via AdGuard. But I have to be able to access it via my Cloudflare. Home wifi router 192.168.5.1, net 192.168.5.0/24, host with containers 192.168.5.61, and reaching containers with ports. Containers in bridge mode 172.17.0.x, but every host restart lidarr, for example, got another IP. This is the reason why I have to use macvlan. But I don't know how to do it to reach containers locally and how to configure the Cloudflare tunnel to reach it via a domain, for example lidarr.domain.com

luiztosk commented 7 months ago

thank you so much, this is the only place on the entire internet that has this info! Should be included on the official pi-hole docker docs.

ebertek commented 5 months ago

Hi Lars, thank you for this article! With this setup, you can reach the host from the containers using 192.168.1.223, but 192.168.1.24 will still not work, right?

rajendargoyal commented 5 months ago

@larsks

Thank you for this wonderful post! This is the only place that I found some light at the end of the tunnel to my problem. But I guess I'm still missing something or getting it wrong somewhere. Would appreciate your help on this

OMV 7 - 192.168.0.101
AdGuard (on macvlan) - 192.168.0.95

macvlan was created using:

sudo docker network create -d macvlan -o parent=enp1s0 \
  --subnet=192.168.0.0/24 \
  --gateway=192.168.0.1 \
  --ip-range=192.168.0.95/32 \
  --aux-address 'host=192.168.0.201' gipl

ip link add gipl-shim link enp1s0 type macvlan mode bridge
ip addr add 192.168.0.201/32 dev gipl-shim
ip link set gipl-shim up
ip route add 192.168.0.95/32 dev gipl-shim

So as expected - I was hoping to land on my AdGuard by pointing to 192.168.0.201 - but I land instead on my OMV7 start page, i.e. 192.168.0.101

what am I missing or doing wrong here ?

Would appreciate any help coz this has been driving me nuts for a while now !

thanks in advance

larsks commented 5 months ago

@rajendargoyal what are the addresses 192.168.0.101 and 192.168.0.95 associated with? Are these assigned to interfaces on your host, or virtual machines, or hosts elsewhere on the network? How would OMV7 know to respond to the 192.168.0.201 address? I'm missing a lot of information that would help answer your question.

rajendargoyal commented 5 months ago

@larsks

192.168.0.101 is the static IP assigned to my OMV7 Machine. Its a separate physical system on which I have only OMV7 installed.

192.168.0.95 is the macvlan IP on the same machine.

Here is the ip route show output from this machine.

default via 192.168.0.1 dev enp1s0 proto static
10.88.0.0/16 dev cni-podman0 proto kernel scope link src 10.88.0.1
10.192.1.0/24 dev wgnet1 proto kernel scope link src 10.192.1.254
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-c8ddab799d84 proto kernel scope link src 172.18.0.1
192.168.0.0/24 dev enp1s0 proto kernel scope link src 192.168.0.101
192.168.0.95 dev gipl-shim scope link

Please let me know what other information I can provide you. Kindly excuse my ignorance if I've missed out anything critical. I'm only just getting started with Linux and networking and all of this is quite new to me.

thanks for your time

WACKYprog commented 4 months ago

I found a bit simpler way to go about this using dhclient. This way you do not have to be concerned with reserving the IP address

ip link add mynet-shim link eth0 type macvlan mode bridge
dhclient mynet-shim
ip route add 192.168.1.128/27 dev mynet-shim

Djjvb commented 3 months ago

@larsks

I've tried to set this up a little bit different, but I have the issue that I can't get DNS working from the host to pihole and underlying containers. Which is particularly annoying, since I can't get traefik to work with pihole. I thought I could connect via an internal docker network.

I am very new to this, but eager to learn. I've been trying to solve this for a month now (also with chatgpt), but without success. Maybe I combined information which doesn't work or I didn't quite get the different concepts; I am limited in my knowledge. So I could really use your help.

I wanted pihole on a static network address, not being my docker host. I watched a video from Christian Lempa where he said it's best to assign 1 DHCP address DHCP (.253 in his case), since it can also work with assigned static addresses; I didn't want to 'lock' a relatively large dhcp macvlan range. I have created a macvlan network, assigned the ip range to .253, with static IP's for pihole on .2 and the additional interface to .254. This is different from your tutorial.

Just to be clear: the whole network is working just fine pointing to pihole on its macvlan IP, which is using unbound (in opnsense) as its upstream recursive resolver. The only thing I can't seem to get working is the connection between the docker host and its containers via DNS. I can ping the pihole .2 IP and the interface .254 IP from the host and also from inside a container (traefik). But I can't ping .254 from inside the pihole container. No nslookups from the host or within the containers seem to work. They do work when I use an external DNS like 8.8.8.8.

I've tried so much that it is impossible to sum up. But just to highlight:

My hypothesis is that there is no DNS communication 'back' because of the issue that there is no ping between .2 and .254. But maybe you can help me and point me in the right direction. As said, willing to share anything.

Francis-perso commented 3 months ago

Hi @Djjvb , Did you put any new route in place between your host and your container in macvlan ? If not, they can't see each other. Look above in other comments.

Djjvb commented 3 months ago

Hi @Francis-perso,

Thank you for your response! And yes I did (hope I did it correctly). Here are the routes on the host:

default via 192.168.30.1 dev ens18 proto dhcp src 192.168.30.200 metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.18.0.0/16 dev br-aaf5812fe1a3 proto kernel scope link src 172.18.0.1
172.19.0.0/16 dev br-ec1cdc0a31a5 proto kernel scope link src 172.19.0.1 linkdown
192.168.30.0/24 dev macvlan_pihole proto kernel scope link src 192.168.30.254
192.168.30.0/24 dev ens18 proto kernel scope link src 192.168.30.200 metric 100
192.168.30.1 dev ens18 proto dhcp scope link src 192.168.30.200 metric 100
192.168.30.2 dev ens18 proto dhcp scope link src 192.168.30.200 metric 100

yo-less commented 2 months ago

> ip route add 192.168.1.60/27 dev mynet-shim returns RTNETLINK answers: Invalid argument. I'm logged in as root and my device is Synology DS218+.
>
> Sorry I'm a beginner and can't figure this out. Could someone please help?

I had the same problem and just for further reference, if anyone comes across this looking for help - you need to change your last command to

ip route add 192.168.1.32/27 dev mynet-shim

It has to be the first IP in the range for the command to work and your IP range starts at 192.168.1.32 and goes all the way to 192.168.1.63
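
The alignment rule from the comment above, as an added example (not part of the thread or of the blog's code): POSIX shell helpers that compute the network and last address of an IPv4 CIDR and emit an `ip route add` line with the host bits cleared. The function names are made up for this illustration, and the demo values are the ones quoted in the thread.

```sh
#!/bin/sh
# Added example: `ip route add` rejects a prefix whose host bits are set
# (e.g. 192.168.1.60/27). These helpers normalise a CIDR before it is used.

# Dotted-quad IPv4 address -> 32-bit integer (runs in a subshell so the
# IFS change and positional parameters do not leak to the caller).
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# 32-bit integer -> dotted-quad IPv4 address.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Prefix length (0-32) -> netmask as an integer.
prefix_mask() {
    if [ "$1" -eq 0 ]; then
        echo 0
    else
        echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
    fi
}

# First address (network address) of the block containing ADDR/LEN.
cidr_network() {
    addr=${1%/*}; len=${1#*/}
    int_to_ip $(( $(ip_to_int "$addr") & $(prefix_mask "$len") ))
}

# Last address of the block containing ADDR/LEN.
cidr_last() {
    addr=${1%/*}; len=${1#*/}
    mask=$(prefix_mask "$len")
    int_to_ip $(( ($(ip_to_int "$addr") & $mask) | (~$mask & 0xFFFFFFFF) ))
}

# Succeeds only when ADDR is already the network address of ADDR/LEN.
cidr_is_aligned() {
    [ "${1%/*}" = "$(cidr_network "$1")" ]
}

# Print the route command for the shim interface, with the prefix aligned.
# Usage: shim_route_cmd CIDR DEVICE
shim_route_cmd() {
    cidr=$1; dev=$2
    net=$(cidr_network "$cidr")
    if ! cidr_is_aligned "$cidr"; then
        echo "note: $cidr has host bits set; block is $net - $(cidr_last "$cidr")" >&2
    fi
    echo "ip route add $net/${cidr#*/} dev $dev"
}

# Demo with the value from the thread; prints the corrected command only.
shim_route_cmd 192.168.1.60/27 mynet-shim
```
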