Problem with tailscale subnet and container in a macvlan network

I installed docker on my little Linux server 20.04 machine and ran a few services on it. Also, I installed Tailscale on the same server which enables me to access them from outside even behind NAT.

I can easily reach services installed on a Docker bridge or host network because of port forwarding. For example, if I want to see my Plex and Portainer dashboards from my smartphone (connected to an LTE network), it is as easy as opening 100.40.x.x:32400 (Plex) or 100.40.x.x:9000 (Portainer) respectively in my smartphone’s browser. However, I am having some problems reaching my Pi-hole dashboard, running on the same Linux server but on a macvlan network; its IP, say 192.168.3.13 (https://192.168.3.13), is on the same subnet as my physical LAN, say 192.168.3.0/24, managed directly by my home router.
For the record, I read the article here:

and enabled ip forwarding on my linux machine as well.

I can see the new subnet in the "IP" column on my Tailscale admin panel, but when I run the command “tailscale ip -4” I can see only the Tailscale IP address assigned to the machine.

Also, I tried to connect from my smartphone’s browser to the Pi-hole web UI, which I installed as a Docker container on a macvlan in my Linux server (both my smartphone and my server run Tailscale). So, the Pi-hole’s IP lies on my home physical subnet. I get an error message in my smartphone’s browser: web page not available, net::ERR_CONNECTION_TIMED_OUT.

So, I don’t know what exactly might have gone wrong.
Could you please help me with this? Thanks

I found out that I can ping and even connect to other devices’ web UIs in my home subnet 192.168.3.0/24, thus there must be something wrong with the Docker macvlan network in my Linux machine. Any advice?
Thanks

tailscale ip -4 will only ever show you the tailscale IP address assigned to the machine.

At first glance, I suspect it’s a route between the vlan and your physical LAN that is causing some misbehaviour, but there’s a lot happening here.

If you email support@tailscale.com with the Tailscale IP of one of the nodes on the macvlan, and a quick sketch of how your network is laid out, I might be able to get some clues from our telemetry to see how this is failing for you.

Please include a link to this thread so that we have this background info as well.

I don’t think I know how I could possibly do that.
The only node that works on that macvlan is a Docker container. It’s Pi-hole, for the record.
Thanks

In a thread I ran across on Stack Overflow, a user says, “…by design that host cannot reach its own containers through a macvlan network.” Maybe it has something to do with my issue as well.

Thanks
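One common workaround for that by-design limitation, as an added shell example that is not part of this thread: the host gets its own macvlan child interface (called macvlan-shim here) on the same parent NIC and routes the Pi-hole address through it, so traffic from the host, and therefore from the Tailscale subnet router running on it, can reach the container. The parent eth0, the spare address 192.168.3.250 and the interface name are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not from this thread or the linked notes.
# The Linux macvlan driver deliberately refuses to pass frames between a
# parent interface and the macvlan children attached to it, so the host
# (and therefore Tailscale's subnet router on the host) cannot reach the
# Pi-hole container at 192.168.3.13. Giving the host its own macvlan child in
# bridge mode and routing the container's address through it works around
# this. Interface names and addresses below are assumptions for illustration.
set -e

PARENT="${PARENT:-eth0}"               # physical NIC the Docker macvlan network is attached to
SHIM="${SHIM:-macvlan-shim}"           # host-side macvlan interface
SHIM_IP="${SHIM_IP:-192.168.3.250}"    # spare LAN address, kept out of Docker's --ip-range
PIHOLE_IP="${PIHOLE_IP:-192.168.3.13}" # the container's macvlan address

# Emit the commands as text so they can be reviewed before running them as root.
shim_commands() {
    printf 'ip link add %s link %s type macvlan mode bridge\n' "$SHIM" "$PARENT"
    printf 'ip addr add %s/32 dev %s\n' "$SHIM_IP" "$SHIM"
    printf 'ip link set %s up\n' "$SHIM"
    printf 'ip route add %s/32 dev %s\n' "$PIHOLE_IP" "$SHIM"
}

# A subnet router also needs forwarding switched on; returns 0 when it is.
ip_forward_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# DRY_RUN=1 prints the commands; otherwise they are executed (needs root).
apply_shim() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        shim_commands
    else
        shim_commands | sh -e
    fi
}

if [ "${1:-}" = "apply" ]; then
    ip_forward_enabled || echo "warning: net.ipv4.ip_forward is 0; the subnet router will not forward" >&2
    apply_shim
fi
```

The shim does not survive a reboot, so it has to be recreated at boot, and 192.168.3.250 must stay outside the macvlan network's --ip-range so Docker never hands it to a container.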

I too was running into this problem.

Here are my (rough) notes on how I solved it: Setup Pi-hole · Ketan Vijayvargiya (in case it helps someone else in future).