Bridge network routing to multiple network interfaces

Product support balenaOS
1

We have devices with 2 network cards (enp1s0 and enp2s0).

enp1s0 is connected to the internet router
enp2s0 is connected to a local network with camera’s

root@acae24e:~# nmcli c 
NAME                UUID                                  TYPE      DEVICE      
Wired connection 2  ecc5dbda-df6b-3fc3-98ec-29f19d744347  ethernet  enp2s0      
Wired connection 1  11b93392-e0aa-3a02-a610-25024055af73  ethernet  enp1s0      
supervisor0         5d512701-abed-472c-ba6e-ec3b44d692ef  bridge    supervisor0

We want the balena device to act as a router for the camera’s.
With nmcli, we did set
pv4.method: shared
ipv4.addresses: 10.10.1.1/24

This works as expected.
The camera’s got IP’s from the Balena DHCP server.

root@acae24e:~# ip neigh
10.10.1.77 dev enp2s0 lladdr b8:a4:4f:45:39:ce used 0/0/0 probes 1 STALE
10.10.1.121 dev enp2s0 lladdr b8:a4:4f:32:c9:04 used 0/0/0 probes 1 STALE
10.10.1.206 dev enp2s0 lladdr b8:a4:4f:32:e9:51 used 0/0/0 probes 1 STALE
10.10.1.145 dev enp2s0 lladdr b8:a4:4f:46:8c:57 used 0/0/0 probes 1 STALE
10.10.1.32 dev enp2s0 lladdr b8:a4:4f:32:dc:5e used 0/0/0 probes 1 STALE
192.168.1.1 dev enp1s0 lladdr c4:ea:1d:a8:b5:6e used 0/0/0 probes 1 STALE
10.10.1.62 dev enp2s0 lladdr 00:c0:3d:09:ae:92 used 0/0/0 probes 1 STALE
10.10.1.139 dev enp2s0 lladdr b8:a4:4f:32:e9:0e used 0/0/0 probes 1 STALE
fdc3:8fa3:8072::1 dev enp1s0 lladdr c4:ea:1d:a8:b5:6e router ref 1 used 0/0/0 probes 1 REACHABLE
fe80::c6ea:1dff:fea8:b56e dev enp1s0 lladdr c4:ea:1d:a8:b5:6e router ref 1 used 0/0/0 probes 1 REACHABLE

From the host, we can ping internet hosts and the camera’s.

From a container connected to a bridge network, we can ping internet hosts but not the camera’s.
If we put the container on the host network, it all works fine.

We really want to keep using the custom bridge network and not change our compose deployment.
Is there a way to keep the bridge network and be able to reach both?
Maybe we need an additional routing rule?

Output from ip route:

root@acae24e:~# ip route
default via 192.168.1.1 dev enp1s0  metric 100 
10.10.1.0/24 dev enp2s0 scope link  src 10.10.1.1  metric 101 
10.114.101.0/24 dev balena0 scope link  src 10.114.101.1 
10.114.102.0/24 dev resin-dns scope link  src 10.114.102.1 
10.114.104.0/25 dev supervisor0 scope link  src 10.114.104.1 
52.4.252.97 dev resin-vpn scope link  src 10.246.235.109 
172.17.0.0/16 dev br-b03928b9acbb scope link  src 172.17.0.1 
192.168.1.0/24 dev enp1s0 scope link  src 192.168.1.62  metric 100