I have a setup where the host has a nic set up in promiscuous mode. It is ingesting a spanned port from a switch.
I was able to add a “physical” nic to the container and it worked great! The issue I have is that more than one container needs this nic from the host.
I have added nics to the containers using macvlan mode with the promiscuous nic as the “parent” and all I receive are ARP requests in the containers, while the host sees the ARP and much more tcp/udp traffic.
My goal is to have the one promiscuous nic on the host, available to multiple containers as I need a container making pcap and another running an IDS.
I’m assuming I am missing something simple; it almost seems like the “macvlan” is filtering the traffic in some way… Thank you for taking the time to read/respond.