Sunday, 28 December 2025

Podman: reaching containers that use the macvlan network driver from their host

The macvlan network driver is especially useful for containerizing applications that need full layer 2 LAN connectivity. This is most often the case when the application relies on broadcast and multicast datagrams and it is not feasible to set up multicast routing or broadcast forwarding (this can also be achieved on Podman, but I will not cover it in this blog post).

If you spawn containers on a network that uses the macvlan driver, by default they can reach the layer 2 network to which the parent interface is connected, but they cannot talk to the host. That is because the default Linux network namespace is missing the necessary routes and macvlan virtual interface. On a Debian system, you can add this configuration to your /etc/network/interfaces file so that the virtual interface and the corresponding routes are brought up at boot:

auto macvlan0
iface macvlan0 inet static
  address 192.168.0.15/32
  pre-up ip link add macvlan0 link enp2s0 type macvlan mode bridge
  up ip route add 192.168.0.16/32 dev macvlan0
  up ip route add 192.168.0.17/32 dev macvlan0
  post-down ip link del macvlan0

In this example, I have set up a macvlan network that has the enp2s0 NIC as its parent. The host will use address 192.168.0.15 on the macvlan network (note that this is not the same address that is configured on enp2s0).

The pre-up command creates a macvlan interface on top of enp2s0, the up commands add one /32 route per container (192.168.0.16 and 192.168.0.17 here) once the link is active, and the post-down command deletes the macvlan interface.

If you prefer using iproute2 commands (for example, you can append them to rc.local), you can do the following:

ip link add macvlan0 link enp2s0 type macvlan mode bridge
ip addr add 192.168.0.15/32 dev macvlan0
ip link set macvlan0 up
ip route add 192.168.0.16/32 dev macvlan0 # container 1
ip route add 192.168.0.17/32 dev macvlan0 # container 2
# ... 
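
The iproute2 sequence above, generalized to any number of container addresses, as an added example (not code from the original post): it validates every interface name and address before printing anything, so a typo or stray shell character in the list never reaches ip. The function names are hypothetical; the interface names and addresses in the sample call are the ones used above.

```sh
#!/bin/sh
# Added example: print (not run) the host-side macvlan shim commands.
# is_ifname, is_ipv4 and shim_cmds are hypothetical helper names.

# Succeeds for a 1..15 character name from a conservative character set
# (Linux caps interface names at 15 characters).
is_ifname() {
    case "$1" in
        ""|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Succeeds only for a dotted quad whose four octets are each 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# shim_cmds PARENT SHIM HOST_ADDR CONTAINER_ADDR...
# Validates everything first, so the output is all-or-nothing.
shim_cmds() {
    [ "$#" -ge 4 ] || { echo "usage: shim_cmds PARENT SHIM HOST ADDR..." >&2; return 2; }
    parent=$1 shim=$2 host=$3; shift 3
    is_ifname "$parent" && is_ifname "$shim" || { echo "bad interface name" >&2; return 1; }
    is_ipv4 "$host" || { echo "bad host address: $host" >&2; return 1; }
    for c in "$@"; do
        is_ipv4 "$c" || { echo "bad container address: $c" >&2; return 1; }
        # The shim's own address must not also be routed as a container.
        [ "$c" != "$host" ] || { echo "container address equals host address" >&2; return 1; }
    done
    echo "ip link add $shim link $parent type macvlan mode bridge"
    echo "ip addr add $host/32 dev $shim"
    echo "ip link set $shim up"
    for c in "$@"; do
        echo "ip route add $c/32 dev $shim"
    done
}

# Sample call with the values from the post.
shim_cmds enp2s0 macvlan0 192.168.0.15 192.168.0.16 192.168.0.17
```

Review the printed commands, then run them as root or append them to rc.local.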
