Network bridge to my physical network

[kiryasolod]

Operating system

Ubuntu 24.04

Description

I have 20.20.20.0/24 network inside MacOS but I need 192.168.1.0/24
How to do it? I tried to add some configs to compose file but it changed only the IP address for VNC, so now I connect to 192.168.1.230:8006 instead of localhost:8006. The address of MacOS itself remains the same

Docker compose

services:
  osx:
    image: dockurr/macos
    container_name: macos
    networks:
      macvlan_network:
        ipv4_address: 192.168.1.230
    environment:
      VERSION: "sonoma"
      DISK_SIZE: "30G"
      RAM_SIZE: "6G"
      CPU_CORES: "4"
      ARGUMENTS: "-device usb-host,vendorid=0x1234,productid=0x1234"
    devices:
      - /dev/kvm
      - /dev/bus/usb
    cap_add:
      - NET_ADMIN
    ports:
      - 8006:8006
      - 5900:5900/tcp
      - 5900:5900/udp
    stop_grace_period: 2m
    volumes:
      - /home/garrus/osx:/storage
networks:
  macvlan_network:
    driver: macvlan
    driver_opts:
      parent: wlp0s20f3
    ipam:
      config:
        - subnet: 192.168.1.0/24
        - gateway: 192.168.1.1

Docker log

[+] Running 1/0
 ✔️ Container macos  Created                                                                                                                                                               0.0s
Attaching to macos
macos  | ❯ Starting macOS for Docker v1.07...
macos  | ❯ For support visit https://github.com/dockur/macos
macos  | ❯ CPU: 12th Gen Intel Core TM i5 12500H | RAM: 11/16 GB | DISK: 48 GB (ext4) | HOST: 6.8.0-11...
macos  |
macos  | ❯ Booting macOS 1920x1080 using QEMU v8.2.4...
macos  |
BdsDxe: failed to load Boot0080 "Mac OS X" from PciRoot(0x0)/Pci(0xA,0x0)/VenMedia(BE74FCF7-0B7C-49F3-9147-01F4042E6842,C721072703DFDF44A2EDE14FCF3272E0)/\8BB805C3-BC2A-475C-A66E-EF417F138315\System\Library\CoreServices\boot.efi: Not Found
macos  | BdsDxe: failed to load Boot0001 "UEFI Misc Device" from PciRoot(0x0)/Pci(0xA,0x0): Not Found
macos  | BdsDxe: loading Boot0002 "UEFI Misc Device 2" from PciRoot(0x0)/Pci(0x5,0x0)
macos  | BdsDxe: starting Boot0002 "UEFI Misc Device 2" from PciRoot(0x0)/Pci(0x5,0x0)
macos  | #[EB|LOG:EXITBS:END] _
macos  | #[EB.BST.FBS|-]
macos  | #[EB|B:BOOT]
macos  | #[EB|LOG:HANDOFF TO XNU] _
macos  | ======== End of efiboot serial output. ========

Screenshots (optional)

If I set the parameters manually, I lose my connection, I cannot ping google.com, for example

[kroese]

You can use these steps:

https://github.com/dockur/windows#how-can-windows-acquire-an-ip-address-from-my-router

They are for the Windows container, but also apply to this macOS container.

[nref]

Is there a way to bridge if the host machine is Windows? When I followed the steps above, docker gave an error that macvlan is not supported on Windows.

[kroese]

@nref No, macvlan is not supported on Windows. But depending on what you are trying to accomplish there might be other ways?

[nref]

Thanks for your response, and that was a thoughtful way of asking "why?"

I'd like...

• to use another VNC app than the browser
• the macOS guest to be able to reach Windows file shares on my network.

[kroese]

For both of those things you do not need macvlan at all.

To use a different VNC app you can just connect to port 5900 (vnc) instead of 8600 (web).

To reach Windows shares on your network you can reach them by IP (\\192.168.0.2\Data for example) instead of by their name.

[nref]

Thanks again.

For VNC, what IP do I enter in my VNC client?

For SMB, the guest cannot see my server (which is also the docker host), and can't ping it.

The IP of macOS is 20.20.20.21, netmask 0xffffff00.

My docker-compose.yml file:

services:
  macos:
    image: dockurr/macos
    container_name: macos
    environment:
      VERSION: "14"
      RAM_SIZE: "16G"
      CPU_CORES: "16"
      DISK_SIZE: "512G"
    devices:
      - /dev/kvm
    volumes:
      - F:/macos14/storage:/storage
    cap_add:
      - NET_ADMIN
    ports:
      - 8006:8006
      - 5900:5900/tcp
      - 5900:5900/udp
    stop_grace_period: 2m

[nref]

I was able to answer my own questions:

For VNC, what IP do I enter in my VNC client?

From the host, enter localhost:5900 into the VNC client

To reduce confusion, stop any VNC server on the host.

This cost me some time as I thought I was dealing with docker issues: I had TightVNC running on my Windows host, and the TightVNC client would hit that and throw the error "Sorry, loopback connections are not allowed". RealVNC does better: it will hit the local server only if the guest macOS container is not running and only otherwise throw the same loopback error.

For SMB, the guest cannot see my server (which is also the docker host), and can't ping it.

From the guest, use host.docker.internal to reach services on the host.
e.g. from Finder, Go > Connect to Server > Enter smb://host.docker.internal

[nref]

I pursued an answer to the natural follow-up question: "How do I access services on the guest macOS container, hosted on Windows, from outside the host machine?"

Old (Incorrect) Answer

Since docker does not support bridged networking on Windows, an alternative is netsh interface portproxy. The following command exposes port 5900 in the container as port 5900 on the host. After running this command as admin on the Windows host, I can VNC into the guest macOS container from other machines on the local network, using the host machine's IP address.

netsh interface portproxy add v4tov4 listenport=5900 listenaddress=0.0.0.0 connectport=5900 connectaddress=127.0.0.1

then

vnc://<host IP address>:5900

New Answer

No action is needed. Docker takes care of opening firewall ports and exposing ports outside the host.