Docker containers behave like separate computers on the network, so traffic between the host and its containers passes through the host firewall. My iptables setup has a default DROP-all policy, which stops the containers from communicating with the host. Here is the fix you'll need.
```bash
#docker
iptables -A INPUT -i docker0 -j ACCEPT
iptables -A OUTPUT -o docker0 -j ACCEPT
iptables -A FORWARD -i docker0 -j ACCEPT
iptables -A FORWARD -o docker0 -j ACCEPT
```
Add this to your iptables rules script just below the DROP rules.
“docker0” is the default interface name for Docker networking; if you didn’t change anything, this is it.
Example iptables file:
```bash
#!/bin/bash +x

# Reset
iptables -F
iptables -X
iptables -Z

# Default to block
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

#localhost
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

#docker
iptables -A INPUT -i docker0 -j ACCEPT
iptables -A OUTPUT -o docker0 -j ACCEPT
iptables -A FORWARD -i docker0 -j ACCEPT
iptables -A FORWARD -o docker0 -j ACCEPT

# ...

# (this is not a complete rule file,
# remember to open the SSH access
# or else you will lose contact with the node)
```
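Because a default-DROP script with a missing rule can cut off both the containers and your own SSH session, it helps to lint the file before running it. The following is an added example, not part of the original post: `missing_rules` and `sample_rules` are hypothetical helper names, and it assumes one `iptables` command per line and sshd on TCP port 22.

```sh
#!/bin/sh
# Added example (not from the original post): lint a rules script before
# running it on a host whose default policy is DROP.
# Assumptions: one "iptables ..." command per line; sshd listens on TCP 22.

# Print one label per expected rule missing from script $1.
# $2 = Docker bridge interface (default: docker0). Runs in a subshell.
missing_rules() (
    br=${2:-docker0}
    # Drop comments and squeeze whitespace so patterns can use single spaces.
    rules=$(sed -e 's/#.*//' -e 's/[[:space:]]\{1,\}/ /g' "$1")
    has() { printf '%s\n' "$rules" | grep -Eq -e "$1"; }

    for chain in INPUT FORWARD OUTPUT; do
        has "iptables -P $chain DROP" || echo "policy-$chain"
    done
    has "-A INPUT .*-i $br .*-j ACCEPT"   || echo "input-from-$br"
    has "-A OUTPUT .*-o $br .*-j ACCEPT"  || echo "output-to-$br"
    has "-A FORWARD .*-i $br .*-j ACCEPT" || echo "forward-from-$br"
    has "-A FORWARD .*-o $br .*-j ACCEPT" || echo "forward-to-$br"
    # Without this, applying the script over SSH cuts off the session.
    has "-A INPUT .*--dport 22 .*-j ACCEPT" || echo "ssh-input"
)

# Constructed sample: the example rule file from the post, as-is.
sample_rules() {
    cat <<'EOF'
#!/bin/bash +x
iptables -F
iptables -X
iptables -Z
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
#docker
iptables -A INPUT -i docker0 -j ACCEPT
iptables -A OUTPUT -o docker0 -j ACCEPT
iptables -A FORWARD -i docker0 -j ACCEPT
iptables -A FORWARD -o docker0 -j ACCEPT
EOF
}

tmp=$(mktemp) && sample_rules >"$tmp"
missing_rules "$tmp"    # reports the missing SSH rule
rm -f "$tmp"
```

Pass a second argument if your bridge interface is not named docker0; an empty result means every expected rule was found.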