
If you’re networking to the outside world, Docker behaves as if the request was coming from the host machine. But if you want to access processes that are running on the host, your firewall may need some extra configuration.

The Solution: Add a Firewall Rule for

If you’ve just tried to access a process running on the host machine like an HTTP service, you might have gotten blocked. This is because even though Docker containers run on the host, they use some special networking under the hood to keep them logically separated, and because of that they have different IP addresses.

You can see this by running ifconfig: alongside your standard network interface, you'll also see the docker0 interface. By default, Docker uses the block to allocate container IP addresses.

The docker0 interface

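The fix is very simple: allow this IP range through your firewall. Requests from the IP range Docker uses are likely getting blocked. It’s a private IP address range, so there’s minimal risk in having it open, but keep in mind that a rule for the whole range lets every container on that bridge reach every service listening on the host. For UFW, that would be: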

sudo ufw allow from

Optionally, limit the rule to a single port:

sudo ufw allow from to any port 9200

For iptables, that would be:

iptables --append INPUT --protocol tcp --src --jump ACCEPT
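
The rules above depend on knowing which subnet docker0 actually uses on your host. The following shell sketch is an added example, not code from the original article: it derives the network from `ip -o -4 addr show docker0` output and prints port-scoped UFW and iptables rules for review. The function names and the sample interface line are constructed for illustration, and `--insert` with `--in-interface` is this example's choice rather than the article's.

```shell
#!/bin/sh
# Added example: derive the docker0 subnet and print port-scoped allow rules.
# Nothing here changes the firewall; the rules are only printed for review.

# Constructed sample of `ip -o -4 addr show docker0` output. On a real host,
# pipe the live command into bridge_cidr; your address may differ.
SAMPLE='3: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0'

# Turn an interface address "ADDR/PREFIX" into its network "NET/PREFIX".
cidr_network() (
    addr=${1%/*}; prefix=${1#*/}
    IFS=.; set -- $addr          # split the dotted quad into $1..$4
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    net=$(( ip & mask ))
    printf '%d.%d.%d.%d/%d\n' $(( (net >> 24) & 255 )) $(( (net >> 16) & 255 )) \
        $(( (net >> 8) & 255 )) $(( net & 255 )) "$prefix"
)

# Read `ip -o -4 addr show docker0` output on stdin, print the bridge subnet.
bridge_cidr() (
    addr=$(awk '$3 == "inet" { print $4; exit }')
    [ -n "$addr" ] || exit 1     # interface missing or has no IPv4 address
    cidr_network "$addr"
)

# Print rules that admit only SUBNET ($1) to TCP PORT ($2) on the host.
scoped_rules() {
    case $2 in ''|*[!0-9]*) return 1 ;; esac
    [ "$2" -ge 1 ] && [ "$2" -le 65535 ] || return 1
    printf 'ufw allow from %s to any port %s proto tcp\n' "$1" "$2"
    # --insert puts the rule ahead of any existing DROP/REJECT in INPUT;
    # --in-interface rejects packets that merely claim a bridge source address.
    printf 'iptables --insert INPUT --in-interface docker0 --protocol tcp --src %s --dport %s --jump ACCEPT\n' "$1" "$2"
}

# Demo on the constructed sample, using the article's example port 9200.
subnet=$(printf '%s\n' "$SAMPLE" | bridge_cidr) && scoped_rules "$subnet" 9200
```

To use it against a live host, replace the last line's input with `ip -o -4 addr show docker0 | bridge_cidr` and run the printed rule with sudo once it looks right.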

For managed hosting services like AWS, you may not need to change anything—security groups are network firewalls that sit in front of instances, and shouldn’t affect internal traffic.

Anthony Heddings
Anthony Heddings is the resident cloud engineer for LifeSavvy Media, a technical writer, programmer, and an expert at Amazon's AWS platform. He's written hundreds of articles for How-To Geek and CloudSavvy IT that have been read millions of times.