First of all: I'm aware of this: Unable to access docker containers from host over macvlan network
I'm using a single docker host setup (unraid, but that's irrelevant).
For various reasons, I'm using a mailserver container (poste) on a macvlan network, as I need to have an ip within the LAN (firewall, spamfiltering, experimenting). The mailserver container also contains a webserver & webui. I also want my reverse proxy container (on the docker0 network) to point to my mailserver's webui.
Is there any workaround for this not using 2 networks added to my mailserver container? By adding a route, for example?
Currently, I'm using a second network as a solution for my situation.
So by running

```
# docker network connect docker0 containername
```

after the container started, where docker0 is the internal docker network 172.17.0.0/16.
However, this poses some security issues, imho, although I could probably limit access over the bridge network to the mail container to just the reverse-proxy container?
I have another path to explore, using the second eth adapter on the host.
host network adapters:
- eth0: 10.10.0.16/16
- eth1: 10.10.0.17/16
When I do a `docker network inspect br0`, this is the result. br0 is the name of the macvlan network.

```json
[
    {
        "Name": "br0",
        "Id": "beb3548b7a4a4fdaba6c3fa2771ea7a8511d44b0e2545abc9b2f7d8ed922",
        "Created": "2018-03-09T17:48:09.444567623+01:00",
        "Scope": "local",
        "Driver": "macvlan",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "10.10.0.0/16",
                    "Gateway": "10.10.0.99",
                    "AuxiliaryAddresses": {
                        "server": "10.10.0.16"
                    }
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "1c215b70764d198ce95b702f49b1f263a7a68a308f13db2907921d8bd4d9": {
                "Name": "poste",
                "EndpointID": "7d560d531e4f88472b7cbf96b5f460964bf12bdd478f88840475732215ff",
                "MacAddress": "02:42:0a:0a:20:f2",
                "IPv4Address": "10.10.32.242/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "parent": "br0"
        },
        "Labels": {}
    }
]
```
And then I can use

```
# ip link add link eth1 dev eth1m type macvlan mode bridge
# ip link set eth1m up
# ip route add 10.10.32.242 dev eth1m
```

Now I can ping / communicate with the container (even when only a macvlan network is attached) from the host. The problem is I still cannot reach 10.10.32.242 from my reverse-proxy container (which is, as said, on the docker0 network).
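The host-side steps in the question (read the container's address out of `docker network inspect`, create a macvlan shim on a second NIC, add a host route per container) are easy to get wrong by hand when more than one container sits on the macvlan network. The script below is an added example, not code from the original post: it parses the inspect output, refuses non-macvlan networks and addresses outside the network's subnets, and emits the `ip` commands for review instead of executing them. The embedded JSON is a trimmed, constructed copy of the post's output (shortened IDs); the shim parent `eth1` and shim name `eth1m` are taken from the post and are only defaults.

```python
"""Derive the host macvlan shim and per-container routes from
`docker network inspect` output.  Added example, not from the original post.
INSPECT_JSON is a constructed, trimmed copy of the post's `inspect br0` output."""
import ipaddress
import json

# Constructed sample: fields the script needs, IDs shortened.
INSPECT_JSON = """[
  {
    "Name": "br0",
    "Driver": "macvlan",
    "IPAM": {
      "Config": [
        {"Subnet": "10.10.0.0/16", "Gateway": "10.10.0.99",
         "AuxiliaryAddresses": {"server": "10.10.0.16"}}
      ]
    },
    "Containers": {
      "1c215b70764d": {"Name": "poste", "IPv4Address": "10.10.32.242/16"}
    },
    "Options": {"parent": "br0"}
  }
]"""


def parse_macvlan_network(inspect_output):
    """Return (docker_parent_dev, subnets, {container_name: IPv4Address})
    for the first network in the inspect output; raise if it is not macvlan."""
    net = json.loads(inspect_output)[0]
    if net.get("Driver") != "macvlan":
        raise ValueError("network %s uses driver %r, not macvlan"
                         % (net.get("Name"), net.get("Driver")))
    subnets = [ipaddress.ip_network(c["Subnet"]) for c in net["IPAM"]["Config"]]
    containers = {}
    for c in net["Containers"].values():
        # IPv4Address is CIDR notation ("10.10.32.242/16"); keep the host part.
        containers[c["Name"]] = ipaddress.ip_interface(c["IPv4Address"]).ip
    return net["Options"]["parent"], subnets, containers


def shim_commands(inspect_output, shim_parent="eth1", shim_dev="eth1m"):
    """Build the `ip` commands the post runs by hand: one macvlan shim on the
    host (on shim_parent, the post's second NIC) plus a /32 route per
    container.  Commands are returned as strings, never executed."""
    docker_parent, subnets, containers = parse_macvlan_network(inspect_output)
    cmds = [
        "ip link add link %s dev %s type macvlan mode bridge" % (shim_parent, shim_dev),
        "ip link set %s up" % shim_dev,
    ]
    for name, ip in sorted(containers.items()):
        if not any(ip in s for s in subnets):
            raise ValueError("%s has %s outside %s" % (name, ip, subnets))
        # Host route: reach the container through the shim, because the
        # parent interface itself cannot talk to its own macvlan children.
        cmds.append("ip route add %s/32 dev %s  # container %s" % (ip, shim_dev, name))
    return docker_parent, cmds


if __name__ == "__main__":
    parent, commands = shim_commands(INSPECT_JSON)
    print("# docker macvlan parent: %s" % parent)
    for line in commands:
        print("# " + line)
```

Pipe the real `docker network inspect br0` into `shim_commands` to regenerate the route list whenever a container on the macvlan network is recreated and gets a new address; the routes and the shim are not persistent and disappear on reboot, so keep the generated commands somewhere they are re-applied after the host comes up.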