Docker & Docker-Compose setup issues with ipvlan network

agps · January 14, 2026, 9:30pm

Hi everyone,

I’m trying to set up several containers on my TS-264, first using Docker Compose, but that didn’t work. So I tried starting simpler with just plain Docker, but that’s also failing.

At the end, I need to run 4 containers that can communicate with each other. The plan is:

3 containers on an ipvlan network.
1 container in host mode (because it needs to access the USB port).

To keep things simple for testing, I wrote a basic script that pulls and runs an Alpine container.

Here’s my script:

#!/bin/sh

# 1. verwijder de alles
docker network rm qnap-ipvlan 2>/dev/null || true
docker rm -f alpine 2>/dev/null || true

# 2. Maak ipvlan netwerk (L2 mode)
# docker network create -d ipvlan --subnet=10.159.2.0/24 --gateway=10.159.2.4 --ip-range=10.159.2.96/28 -o parent=eth1 -o ipvlan_mode=l2 qnap-ipvlan

docker network create -d ipvlan --subnet=10.159.2.0/24 --gateway=10.159.2.4 --ip-range=10.159.2.96/28 -o parent=eth1 -o ipvlan_mode=l2 -o ipvlan_flags=bridge -o com.docker.network.driver.mtu=1500 qnap-ipvlan

# 3. Wwerkt het
docker network inspect qnap-ipvlan

# 4. Test met alpine continer
docker run -it --rm --network=qnap-ipvlan --ip=10.159.2.109 alpine sh -c "ping -c 2 10.159.2.4 && ping -c 2 10.159.2.10"

# 5. Alpine bereikbaar
# Vanaf QNAP zelf:
curl -I http://10.159.2.109 2>/dev/null || echo "Testing connection"

And this is the result/error I get:

[/share/Container/docker-compose] # chmod ug+x ./setup_IPvlan_alpine.sh
[/share/Container/docker-compose] # ./setup_IPvlan_alpine.sh
qnap-ipvlan
9f3dbd6a27cfa1812--------636471f5893ba6b38bf15f7b2c
[
    {
        "Name": "qnap-ipvlan",
        "Id": "9f3dbd6a27cfa1812a----3b31636471f5893ba6b38bf15f7b2c",
        "Created": "2026-01-14T22:05:40.655178454+01:00",
        "Scope": "local",
        "Driver": "ipvlan",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "10.159.2.0/24",
                    "IPRange": "10.159.2.96/28",
                    "Gateway": "10.159.2.4"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {
            "com.docker.network.driver.mtu": "1500",
            "ipvlan_flags": "bridge",
            "ipvlan_mode": "l2",
            "parent": "eth1"
        },
        "Labels": {}
    }
]
docker: Error response from daemon: failed to create the ipvlan port: device or resource busy.
Testing connection

The main error I’m hitting is:
“docker: Error response from daemon: failed to create the ipvlan port: device or resource busy.”

Why does this “device or resource busy” ipvlan error appear? How can I fix this so I can move forward with the setup?

Any advice or suggestions would be really appreciated

thanks in advance!

NA9D · January 15, 2026, 12:00am

Is there a reason you need to use VLANs for this? QNAP puts all containers on their own network by default…

agps · January 15, 2026, 4:30am

First thank you for your time. Did want to reply sooner, but for some reason I did keep getting ‘gateway time out’ when I try to log in.

Second yes there is a reason.

The default Container station is that services are exposed via port mapping (port forwarding).

However, my reason for wanting a custom ipvlan network is driven by several architectural and operational needs: An ipvlan network allows containers to have their own dedicated, routable IP addresses on my existing LAN subnet, without NAT. This makes them behave like physical devices on the network, which is essential for a direct container-to-container communication using fixed IPs. Allowing other devices on my LAN to reach containers directly without going through host port mappings.

ipvlan L2 mode has less overhead than Docker’s default bridge (which uses NAT and iptables rules). It’s also simpler for my use case because, I don’t need and want to manage a forest of port mappings and to remeber things while I am busy with the purpose of the container.

Using Docker Compose or scripts with a defined ipvlan network makes the setup self-documenting and portable. I can copy and keep reproducing if needed the exact same network configuration on another Docker host (not necessarily QNAP) by adjusting only the parent interface.

Beside my preferences and what I want, the so operational needs. I am more focused why I get the notification about the ‘port is in use. Can you or someone help me with that?

Thank you.

NA9D · January 15, 2026, 2:32pm

Thank you for your post. I have always assumed that the additional networks created by ContainerStation in Network and Virtual Switch were their own actual routable networks. Is that not the case?

agps · January 15, 2026, 9:50pm

Based on my understanding of Container Station, you can select network modes like ‘host’, ‘bridge’, and a VLAN type (macvlan?).

You likely know more than I do, but I couldn’t find a way to assign a static IP to each container—without using port forwarding—while still allowing them to communicate directly with one another. I haven’t found any examples that achieve this. When I try to use bridge mode with a static IP, the container setup hangs whenever I attempt to select a folder. This issue, along with the time required and the overall goal, discouraged me from experimenting further.

Creating a reusable configuration in Container station feels like too much effort, especially if I want to move it to another QNAP or a different system later. I really need a solution that applies all the necessary settings in one step or setup.

Update:

By the way, I just discovered the cause of the error. The QNAP was configured with a virtual interface, which was blocking eth1.100 and vsc0 (or something similar). Docker—or the system itself—then defaulted to eth0.

I resolved part of this by running ip link set eth1 promisc on, which allowed the physical interface to accept multiple IP addresses.

Now the containers can communicate with each other, but strangely, the host cannot communicate with the containers.

agps · January 15, 2026, 10:22pm

Just finished a test script. May be someone can help with this.



#!/bin/sh

echo “1. Oude containers verwijderen”
docker rm -f container-a container-b 2>/dev/null || true
docker network rm qnap-ipvlan-static

echo “=== 1. HUIDIGE NETWERK CONFIGURATIE ===”
echo “Eth1 IP adres:”
ip addr show dev eth1 | grep inet
echo “—”
echo “Eth1 link status:”
ip link show eth1

echo “=== 2. OUDE NETWERKEN VERWIJDEREN ===”
docker network rm qnap-ipvlan 2>/dev/null || true

echo “=== IPVLAN NETWERK MET VASTE IPs ===”

echo “1. Promiscuous mode aanzetten”
ip link set eth1 promisc on

echo “2. IPVLAN netwerk maken met naam 'qnap-ipvlan-static'”
docker network create -d ipvlan --subnet=10.159.2.0/24 --gateway=10.159.2.4 --ip-range=10.159.2.96/28 -o parent=eth1 -o ipvlan_mode=l2 qnap-ipvlan-static

echo “3. Container A starten met vaste IP 10.159.2.101”
docker run -d --name container-a --network=qnap-ipvlan-static --ip=10.159.2.101 alpine sleep 300
sleep 4

echo “4. Container B starten met vaste IP 10.159.2.102”
docker run -d --name container-b --network=qnap-ipvlan-static --ip=10.159.2.102 alpine sleep 300
sleep 4

echo “=== 5. NETWERK TESTS ===”

echo “Test 1: Container A naar Container B”
docker exec container-a ping -c 2 10.159.2.102

echo “Test 2: Container B naar Container A”
docker exec container-b ping -c 2 10.159.2.101

echo “Warning ---- ICMP staat in de FW als geblokkeerd”
echo “Test 3: Container A naar Gateway”
docker exec container-a ping -c 2 10.159.2.4

echo “Test 4: Container B naar Gateway”
docker exec container-b ping -c 2 10.159.2.4

echo “Test 5: Host naar Container A”
ping -c 2 10.159.2.101

echo “Test 6: QNAP naar Container B”
ping -c 2 10.159.2.102

echo “=== 6. TESTS VANAF EXTERN APPARAAT ===”
echo “Door extern apparaat uitvoeren:”
echo "  ping 10.159.2.101"
echo "  ping 10.159.2.102"

#echo “=== 7. OPRUIMEN ===”

#docker rm -f container-a container-b

#docker network rm qnap-ipvlan-static

The result of the script with the not working connection host to the containers. Goes about test 5 and 6. Did for this test turn off ICMP FW.

“[/share/Container/docker-compose] # ./setup3_IPvlan_alpine.sh

1. Oude containers verwijderen

container-a

container-b

qnap-ipvlan-static

=== 1. HUIDIGE NETWERK CONFIGURATIE ===

Eth1 IP adres:

    inet 10.159.2.10/24 brd 10.159.2.255 scope global eth1

---

Eth1 link status:

3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000

    link/ether 24:5e:be:6d:3d:05 brd ff:ff:ff:ff:ff:ff

=== 2. OUDE NETWERKEN VERWIJDEREN ===

=== IPVLAN NETWERK MET VASTE IPs ===

1. Promiscuous mode aanzetten

2. IPVLAN netwerk maken

068597243bb2b05a185ef754a9eb00f0e06918b60028b01da9d159878e2b68be

3. Container A starten met vaste IP 10.159.2.101

afbffd4314f94c1f38fdd992a53761da092d3c037ab63a8d03d3f293e5becbd3

4. Container B starten met vaste IP 10.159.2.102

7daaad6cf1b1d2a0f549a41597dfc68a302fc809cd4f4f585101d055580f4076

=== 5. NETWERK TESTS ===

Test 1: Container A naar Container B

PING 10.159.2.102 (10.159.2.102): 56 data bytes

64 bytes from 10.159.2.102: seq=0 ttl=64 time=0.329 ms

64 bytes from 10.159.2.102: seq=1 ttl=64 time=0.076 ms



--- 10.159.2.102 ping statistics ---

2 packets transmitted, 2 packets received, 0% packet loss

round-trip min/avg/max = 0.076/0.202/0.329 ms

Test 2: Container B naar Container A

PING 10.159.2.101 (10.159.2.101): 56 data bytes

64 bytes from 10.159.2.101: seq=0 ttl=64 time=0.072 ms

64 bytes from 10.159.2.101: seq=1 ttl=64 time=0.070 ms



--- 10.159.2.101 ping statistics ---

2 packets transmitted, 2 packets received, 0% packet loss

round-trip min/avg/max = 0.070/0.071/0.072 ms

ICMP staat in de FW als geblockeerd

Test 3: Container A naar Gateway

PING 10.159.2.4 (10.159.2.4): 56 data bytes

64 bytes from 10.159.2.4: seq=0 ttl=64 time=0.487 ms

64 bytes from 10.159.2.4: seq=1 ttl=64 time=0.257 ms



--- 10.159.2.4 ping statistics ---

2 packets transmitted, 2 packets received, 0% packet loss

round-trip min/avg/max = 0.257/0.372/0.487 ms

Test 4: Container B naar Gateway

PING 10.159.2.4 (10.159.2.4): 56 data bytes

64 bytes from 10.159.2.4: seq=0 ttl=64 time=0.417 ms

64 bytes from 10.159.2.4: seq=1 ttl=64 time=0.231 ms



--- 10.159.2.4 ping statistics ---

2 packets transmitted, 2 packets received, 0% packet loss

round-trip min/avg/max = 0.231/0.324/0.417 ms

Test 5: Host naar Container A

PING 10.159.2.101 (10.159.2.101): 56 data bytes



--- 10.159.2.101 ping statistics ---

2 packets transmitted, 0 packets received, 100% packet loss

Test 6: QNAP naar Container B

PING 10.159.2.102 (10.159.2.102): 56 data bytes



--- 10.159.2.102 ping statistics ---

2 packets transmitted, 0 packets received, 100% packet loss

=== 6. TESTS VANAF EXTERN APPARAAT ===

Vanaf extern apparaat uitvoeren:

  ping 10.159.2.101

  ping 10.159.2.102”

ping 10.159.2.101 and ping 10.159.2.102 both are working from other devices.