How to Access Ports on the Host from a Docker Container

If you’re networking to the outside world, Docker behaves as if the request was coming from the host machine. But if you want to access processes that are running on the host, your firewall may need some extra configuration.

The Solution: Add a Firewall Rule for 172.18.0.0/16

If you’ve just tried to access a process running on the host machine like an HTTP service, you might have gotten blocked. This is because even though Docker containers run on the host, they use some special networking under the hood to keep them logically separated, and because of that they have different IP addresses.

You can see this by running ifconfig: alongside your standard network interface, you’ll also see the docker0 interface. By default, Docker uses the 172.18.0.0/16 block to allocate container IP addresses.

The docker0 interface

The fix is very simple: allow this IP range in your firewall. Requests from the IP range Docker uses are likely getting blocked. It’s a private IP address range, so there’s minimal risk in having it open. For UFW, that would be:

sudo ufw allow from 172.18.0.0/16

Optionally specifying a port to open:

sudo ufw allow from 172.18.0.0/16 to any port 9200

For iptables, that would be:

iptables --append INPUT --protocol tcp --src 172.18.0.0/16 --jump ACCEPT
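
The commands above hard-code the subnet, and the range Docker assigned on a particular host can differ from it. The script below is an added example, not part of the original article: it builds the port-scoped ufw and iptables rules and refuses any source range that is not wholly private. The function names are this example's own, and the subnet is read with docker network inspect.

```shell
#!/bin/sh
# Added example (not from the article): emit port-scoped allow rules for a
# Docker subnet, refusing any source that is not wholly RFC 1918 private.

# Succeeds only if $1 is an IPv4 CIDR lying entirely inside 10.0.0.0/8,
# 172.16.0.0/12 or 192.168.0.0/16.
is_private_cidr() {
    addr=${1%/*}; len=${1#*/}
    [ "$addr" != "$1" ] || return 1                  # no "/" in the argument
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs  # split into octets
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
    # The prefix must be at least as long as the private block's own prefix,
    # otherwise the rule would also admit public addresses.
    if [ "$1" -eq 10 ] && [ "$len" -ge 8 ]; then return 0; fi
    if [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] \
        && [ "$len" -ge 12 ]; then return 0; fi
    if [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && [ "$len" -ge 16 ]; then return 0; fi
    return 1
}

# Print ufw and iptables rules allowing TCP from subnet $1 to host port $2.
host_access_rules() {
    subnet=$1; port=$2
    is_private_cidr "$subnet" || { echo "refusing source: $subnet" >&2; return 1; }
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } \
        || { echo "bad port: $port" >&2; return 1; }
    echo "ufw allow from $subnet to any port $port proto tcp"
    echo "iptables --append INPUT --protocol tcp --src $subnet --dport $port --jump ACCEPT"
}

# Subnet Docker actually assigned to a network (default network: "bridge").
docker_subnet() {
    docker network inspect --format '{{range .IPAM.Config}}{{.Subnet}}{{end}}' "${1:-bridge}"
}

# On a Docker host:  host_access_rules "$(docker_subnet)" 9200
# Demonstration with the article's subnet and port (prints the two rules):
host_access_rules 172.18.0.0/16 9200
```

The script only prints the rules; review them and run them with sudo yourself.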

For managed hosting services like AWS, you may not need to change anything—security groups are network firewalls that sit in front of instances, and shouldn’t affect internal traffic.

Anthony Heddings
Anthony Heddings is the resident cloud engineer for LifeSavvy Media, a technical writer, programmer, and an expert at Amazon's AWS platform. He's written hundreds of articles for How-To Geek and CloudSavvy IT that have been read millions of times.