Swarm-Scoped Macvlan Network Setup for Wyze Bridge and Workarounds for IOTC Error #1471

maxfield-allison · 2025-04-10T23:19:13Z

maxfield-allison
Apr 10, 2025

Swarm-Scoped Macvlan Network Setup for Wyze Bridge

Hey everyone! I just wanted to share a detailed guide on how I set up a swarm-scoped macvlan network (with per-node IP ranges) for running Wyze Bridge in my Docker Swarm. It took a bit of trial and error, but once it all came together, it’s been rock solid, especially with OPNsense handling broadcast relays for Wyze discovery packets.

Note: This guide reflects the approach that worked for me within a Docker Swarm environment. The underlying concepts of macvlan networking, per-node IP management, and broadcast relaying can be distilled down to a single Docker engine setup or adapted to other networking architectures.

Below is an overview that walks through everything from macvlan creation to container deployment, plus a note on how I got broadcasts working across VLANs in OPNsense. Let me know if you have any questions!

Why a Per-Node macvlan Setup?

Local IP Ranges: Each Docker Swarm node can hand out IPs from its own slice of the subnet. That way, there’s no risk of IP conflicts if containers run on different nodes.
Broadcast Compatibility: If your router can forward UDP broadcasts (like OPNsense’s UDP Broadcast Relay plugin), you can keep devices on separate VLANs without breaking discovery traffic (for Wyze or other services).

Step 1: Clean Up Old Networks

First, I removed any existing macvlan_local or macvlan_swarm from each node, just to start fresh. You can safely skip this if it’s your first time:

docker network rm macvlan_local 2>/dev/null
docker network rm macvlan_swarm 2>/dev/null

Step 2: Create Local (Config-Only) macvlan Networks on Each Node

On each node, I created a config-only network that defines the unique IP range it should hand out. You can split your subnet by node and role (manager vs. worker). For example:

Manager Node 00 (10.40.0.0/24):

docker network rm macvlan_local 2>/dev/null

docker network create \
  --driver macvlan \
  --subnet=10.40.0.0/21 \
  --ip-range=10.40.0.128/27 \
  --gateway=10.40.0.1 \
  --opt parent=enp6s19 \
  --config-only macvlan_local

Worker Node 00 (10.40.0.0/24):

docker network rm macvlan_local 2>/dev/null

docker network create \
  --driver macvlan \
  --subnet=10.40.0.0/21 \
  --ip-range=10.40.0.160/27 \
  --gateway=10.40.0.1 \
  --opt parent=enp6s19 \
  --config-only macvlan_local

Repeat for every node, adjusting subnet slices as needed.

Step 3: Create the Swarm-Scoped macvlan Network

Once all nodes have their own macvlan_local, I created a single swarm-scoped network (I did this on a manager node):

docker network rm macvlan_swarm 2>/dev/null

docker network create \
  --driver macvlan \
  --scope swarm \
  --config-from macvlan_local \
  --attachable \
  macvlan_swarm

This sets up a global network called macvlan_swarm that references each node’s local IPAM config. Any container that joins macvlan_swarm on a given node automatically gets an IP from that node’s local range.

Example Service: Wyze Bridge

Below is a snippet from my docker-compose.yml (Swarm stack file). I attach the container to macvlan_swarm so it has a VLAN IP, and also to other internal networks for things like Traefik reverse proxying.

wyze-bridge:
  image: mrlt8/wyze-bridge:latest-hw
  ports:
    - 1936:1935
    - 8554:8554
    - 8888:8888
    - 5100:5000
    - 8889:8889
    - 8189:8189/udp
  dns:
    - 10.x.x.x
    - 10.x.x.x
  networks:
    - traefik_net
    - macvlan_swarm
    - net
  environment:
    - WB_IP=10.x.x.x  # Your container IP (or let Docker handle it)
    - WYZE_EMAIL=example@email.com
    - WYZE_PASSWORD=your-password-here
    - API_ID=****
    - API_KEY=****
    - QUALITY=HD120
    - WB_AUTH=False
    - FPS_FIX=true
    - ROTATE_DOOR=True
    - H264_ENC=h264_nvenc
  volumes:
    - /etc/localtime:/etc/localtime:ro
    - type: tmpfs
      target: /dev/shm
      tmpfs:
          size: 4294967296
    - /usr/lib/x86_64-linux-gnu/libnvidia-encode.so.1:/usr/lib/x86_64-linux-gnu/libnvidia-encode.so.1
    - /usr/lib/x86_64-linux-gnu/nvidia:/usr/lib/x86_64-linux-gnu/nvidia
  deploy:
    mode: replicated
    replicas: 1
    placement:
      constraints:
        - node.role == worker
        - node.labels.gpu == true
    labels:
      - "traefik.enable=true"
      # ...plus any other Traefik labels

This setup makes it very easy to scale Wyze Bridge across multiple nodes while keeping each instance on the same VLAN but with distinct IPs.

OPNsense: UDP Broadcast Relay for Wyze Discovery

I’m using OPNsense with the UDP Broadcast Relay plugin to forward Wyze discovery packets (UDP port 32761) between the VLAN that my cameras live on and the VLAN used by the macvlan network. You just need to:

Install/enable the plugin in OPNsense.
Add a relay for UDP 32761 (and any other required ports).
Update firewall rules to allow traffic between the VLANs.

That way, Wyze Bridge can detect and communicate with cameras despite being on a different VLAN.

Verifying

docker network inspect macvlan_swarm: Confirm "Scope": "swarm" and "ConfigFrom": { "Network": "macvlan_local" }.
Deploy a test container: It should get an IP from the node’s assigned range.
Check broadcast: If you’re relaying broadcasts in OPNsense, you should see discovery traffic pass correctly, and Wyze Bridge should detect cameras without issues.

Final Thoughts

This approach has been rock solid for me. Per-node IP management plus a swarm-scoped macvlan network keeps everything tidy and flexible. While this guide is based on my Docker Swarm configuration, the underlying concepts are versatile enough to be applied to a single Docker engine setup or other networking architectures. If anyone runs into snags or has any improvements, please jump in.

Hope this helps someone else as they tackle similar Docker Swarm + VLAN setups with Wyze Bridge. Feel free to fire away with any questions or ideas, and I’m happy to share more about my configuration details if needed.

maxfield-allison · 2025-04-10T23:21:28Z

maxfield-allison
Apr 10, 2025
Author

@mrlt8 I was thinking that we might be able to adapt these instructions into more universal guidance that would benefit others e.g. for those running the Home Assistant add-on or other configurations. Broadening the scope could help users who are working in single Docker engine setups or even different networking architectures, all while leveraging the same underlying principles.

Let me know if you'd be interested in collaborating on making these instructions more universally applicable. I’d love to help out in any way I can!

Cheers,
Max

2 replies

PerpSearch Apr 11, 2025

I appreciate your willingness to help resolve this mess and I for one would be very appreciative if this could be cobbled up or down to something more workable for me and my set up. I'm on a Syno 723+ running in a Docker container with a variety of Wyze cam models involved. At present all I have working is an older V2 on RTSP and I don't even know how.

maxfield-allison Apr 15, 2025
Author

Hey, I totally get where you're coming from. Synology setups like your 723+ don’t have full Docker Swarm or advanced networking by default, but the core ideas from my guide can be adapted to a single Docker engine setup like yours.

Here’s a simplified breakdown for getting Wyze Bridge working with a macvlan network on Synology:

Simplified Macvlan Setup for Synology Docker

1. Create a Macvlan Network (via SSH):
Synology's Docker GUI doesn’t support advanced drivers like macvlan, so you’ll need to SSH into the NAS and run:

docker network create \
  -d macvlan \
  --subnet=192.168.1.0/24 \
  --gateway=192.168.1.1 \
  -o parent=eth0 \
  macvlan0

Replace eth0 with the correct network interface (check with ip a)
Make sure the subnet and gateway match your LAN

2. Assign the Wyze Bridge container to macvlan0:
You can do this using Portainer or via command line. This gives Wyze Bridge its own LAN IP, which helps with discovery and stream stability.

3. Important: Wyze Discovery Needs UDP Broadcasts
If your cameras and Synology are on the same subnet, discovery should work as long as you're using macvlan.

If they’re on different VLANs, discovery may fail unless you relay UDP port 32761 broadcasts between VLANs. This usually requires something like OPNsense, a managed switch with UDP relay support, or a small helper device (Raspberry Pi running socat works too).

If you need more detailed instructions for setting up macvlan on synology, I found this handy guide that was written recently

scoob8000 · 2025-04-18T11:50:14Z

scoob8000
Apr 18, 2025

Mind sharing some of your opnsense settings? I'm not sure what to put for the source address and broadcast address in the udp relay plugin. And maybe an example of the firewall rules you created? My LAN vlan can get to any other vlans as is, but I'm imaging I need to allow UDP dst 32761 from the vlan the cams are in.

3 replies

maxfield-allison Apr 18, 2025
Author

Of course I have mine wide open for a reason (im lazy and dont want to mess with optimization when i have cooler things to do)

But you can narrow it down.

cameras are on the Security VLAN and wyze bridge is on a macvlan interface on the Container VLAN.

scoob8000 Apr 19, 2025

Success!!! I'm not doing any of the swarm stuff nor macvlan. My bridge is running in bridge mode where it has it's own IP in my private network. Got my v4 working by using the udp relay and a firewall rule.

I added the relay, and created a firewall rule to allow the ip of the wyze cam, to the ip of my container running the wyze bridge.

maxfield-allison Apr 19, 2025
Author

Great news! Drop an upvote on this thread so more people can find it! I also edited the title to be more relevant to the IOTC error.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Swarm-Scoped Macvlan Network Setup for Wyze Bridge and Workarounds for IOTC Error #1471

Uh oh!

{{title}}

Uh oh!

Replies: 2 comments 5 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

Swarm-Scoped Macvlan Network Setup for Wyze Bridge and Workarounds for IOTC Error #1471

Uh oh!

maxfield-allison Apr 10, 2025

Swarm-Scoped Macvlan Network Setup for Wyze Bridge

Why a Per-Node macvlan Setup?

Step 1: Clean Up Old Networks

Step 2: Create Local (Config-Only) macvlan Networks on Each Node

Manager Node 00 (10.40.0.0/24):

Worker Node 00 (10.40.0.0/24):

Step 3: Create the Swarm-Scoped macvlan Network

Example Service: Wyze Bridge

OPNsense: UDP Broadcast Relay for Wyze Discovery

Verifying

Final Thoughts

Replies: 2 comments · 5 replies

Uh oh!

maxfield-allison Apr 10, 2025 Author

Uh oh!

PerpSearch Apr 11, 2025

Uh oh!

maxfield-allison Apr 15, 2025 Author

Simplified Macvlan Setup for Synology Docker

Uh oh!

scoob8000 Apr 18, 2025

Uh oh!

Uh oh!

maxfield-allison Apr 18, 2025 Author

Uh oh!

scoob8000 Apr 19, 2025

Uh oh!

maxfield-allison Apr 19, 2025 Author

maxfield-allison
Apr 10, 2025

Replies: 2 comments 5 replies

maxfield-allison
Apr 10, 2025
Author

maxfield-allison Apr 15, 2025
Author

scoob8000
Apr 18, 2025

maxfield-allison Apr 18, 2025
Author

maxfield-allison Apr 19, 2025
Author