Problem with tailscale subnet and container in a macvlan network

I installed Docker on my little Linux server (20.04) and ran a few services on it. I also installed Tailscale on the same server, which lets me access them from outside, even behind NAT.

I can easily reach services installed on a Docker bridge or host network because of port forwarding. For example, if I want to see my Plex and Portainer dashboards from my smartphone (connected to an LTE network), it is as easy as opening 100.40.x.x:32400 (Plex) or 100.40.x.x:9000 (Portainer) in my smartphone’s browser. However, I am having some problems reaching my Pi-hole dashboard, running on the same Linux server but on a macvlan network; its IP is , say (, on the same subnet as my physical LAN, say, managed directly by my home router.
For the record, I read the article here:

and enabled IP forwarding on my Linux machine as well.

I can see the new subnet in the "IP" column on my Tailscale admin panel, but when I run the command “tailscale ip -4” I can see only the Tailscale IP address assigned to the machine.

Also, I tried to connect from my smartphone’s browser to the Pi-hole web UI, which I installed as a Docker container on my Linux server (both my smartphone and my server run Tailscale) on a macvlan. So the Pi-hole’s IP lies on my home physical subnet. I get an error message in my smartphone’s browser: web page not available, net::ERR_CONNECTION_TIMED_OUT.

So I don’t know what exactly might have gone wrong.
Could you please help me with this? Thanks.

I found out that I can ping and even connect to other devices’ web UIs in my home subnet, so there must be something wrong with the Docker macvlan network on my Linux machine. Any advice?

tailscale ip -4 will only ever show you the tailscale IP address assigned to the machine.

At first glance, I suspect it’s a route between the VLAN and your physical LAN that is causing some misbehaviour, but there’s a lot happening here.

If you email with the Tailscale IP of one of the nodes on the macvlan, and a quick sketch of how your network is laid out, I might be able to get some clues from our telemetry to see how this is failing for you.

Please include a link to this thread so that we have this background info as well.

I don’t think I know how I could possibly do that.
The only node that works on that macvlan is a Docker container. It’s Pi-hole, for the record.

In a thread I ran across on Stack Overflow, a user says, “…by design that host cannot reach its own containers through a macvlan network.” Maybe it has something to do with my issue as well.


I too was running into this problem.

Here are my (rough) notes on how I solved it: Setup Pi-hole · Ketan Vijayvargiya (in case it helps someone else in future).
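The macvlan restriction quoted from Stack Overflow above is the usual cause of exactly this symptom, and the common workaround (the one most write-ups, including notes like the ones linked in the last post, describe) is to give the host its own macvlan "shim" interface on the same parent NIC, plus a host route for the container's address through it. The script below is an added example, not code from this thread, from Tailscale or from the linked notes. It assumes a parent NIC named eth0, a LAN of 192.168.1.0/24, a Pi-hole container at 192.168.1.250 and a spare LAN address 192.168.1.251 for the shim; change those to match your network. With `--print` it only shows what it would do; with `--apply` it runs the commands (as root). The reason the shim helps the Tailscale case: the subnet router SNATs forwarded traffic by default, so the container sees connections coming from the host, and the host's source address on the new route is the shim address, which the container can reach because sibling macvlan interfaces can talk to each other in bridge mode.

```shell
#!/bin/sh
# Added example (not from the thread). Prints, or with --apply runs as root,
# the host-side steps usually needed before a Tailscale subnet router can
# forward to a container on a Docker macvlan network.
# Assumed values (change to match your LAN): parent NIC eth0, LAN 192.168.1.0/24,
# Pi-hole container 192.168.1.250, unused LAN address 192.168.1.251 for the shim.
set -eu

PARENT="${PARENT:-eth0}"
LAN="${LAN:-192.168.1.0/24}"
SHIM="${SHIM:-macvlan-shim}"
SHIM_IP="${SHIM_IP:-192.168.1.251}"
CONTAINER_IP="${CONTAINER_IP:-192.168.1.250}"

# Return 0 if the kernel will forward IPv4 between interfaces. The file path is
# a parameter so it can be pointed at a test file; the real one is
# /proc/sys/net/ipv4/ip_forward.
forwarding_enabled() {
  [ "$(tr -d '[:space:]' < "$1")" = "1" ]
}

# Emit the commands that add a macvlan "shim" interface on the host. A macvlan
# parent cannot talk to its own macvlan children, so the host (and anything it
# forwards on behalf of Tailscale peers) needs its own macvlan interface on the
# same parent, plus a host route sending the container's address out through it.
# Args: parent shim shim_ip container_ip
shim_cmds() {
  printf '%s\n' \
    "ip link add $2 link $1 type macvlan mode bridge" \
    "ip addr add $3/32 dev $2" \
    "ip link set $2 up" \
    "ip route add $4/32 dev $2"
}

# Emit the command that makes this host advertise the LAN to the tailnet.
# The advertised route still has to be approved in the Tailscale admin console.
advertise_cmd() {
  printf 'tailscale up --advertise-routes=%s\n' "$1"
}

case "${1:-}" in
  --print)
    forwarding_enabled /proc/sys/net/ipv4/ip_forward \
      || echo "# note: net.ipv4.ip_forward is 0; run: sysctl -w net.ipv4.ip_forward=1"
    shim_cmds "$PARENT" "$SHIM" "$SHIM_IP" "$CONTAINER_IP"
    advertise_cmd "$LAN"
    ;;
  --apply)
    forwarding_enabled /proc/sys/net/ipv4/ip_forward || sysctl -w net.ipv4.ip_forward=1
    shim_cmds "$PARENT" "$SHIM" "$SHIM_IP" "$CONTAINER_IP" | sh -e
    advertise_cmd "$LAN" | sh -e
    ;;
esac
```

The shim interface and route do not survive a reboot; once `--print` shows the right addresses and `--apply` makes the Pi-hole UI reachable from a Tailscale peer, put the same four `ip` commands in whatever your distribution uses for persistent network configuration. The shim's address must be outside the range your router hands out over DHCP, or a second device may end up with it.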