If you’re working with Docker, you may have noticed that there are a few ports that are not accessible from the host. This is because the Docker daemon uses port 80 for communication with the container runtime and other containers on the system. To access these ports from a Docker container, you need to use one of two methods:

  1. Use a custom port on your host machine. This is the easiest way to access ports that are not accessible from the host. You can create a file called “config.toml” in your docker-compose file and add this line to it:

     docker-compose up -d

     This will start your Docker container and make sure that all of its ports are open. Once your container is running, you can access any of its ports by using the following command:

     docker-compose up -p 8080

If you’re networking to the outside world, Docker behaves as if the request was coming from the host machine. But if you want to access processes that are running on the host, your firewall may need some extra configuration.

The Solution: Add a Firewall Rule for 172.18.0.0/16

If you’ve just tried to access a process running on the host machine like an HTTP service, you might have gotten blocked. This is because even though Docker containers run on the host, they use some special networking under the hood to keep them logically separated, and because of that they have different IP addresses.

You can see this by running ifconfig: alongside your standard network interface, you’ll also see the docker0 interface. By default, Docker uses the 172.18.0.0/16 block to allocate container IP addresses.

The fix is very simple: allow this IP range in your firewall. Requests from the IP range Docker uses are likely getting blocked. It’s a private IP address range, so there’s minimal risk in having it open. For UFW, that would be:

Optionally specifying a port to open:

For iptables, that would be:
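The rules this section describes, as an added example that is not from the original article: a POSIX shell script that prints UFW and iptables commands allowing a Docker subnet to reach the host, optionally limited to one TCP port, and refuses any range outside the RFC 1918 private blocks. The function names are hypothetical; 172.18.0.0/16 and port 8080 are the article's values, and because each Docker network gets its own subnet, `network_subnet` reads the real one from `docker network inspect`.

```shell
# Added example (hypothetical function names): prints rules for review, applies nothing.

# Succeed only if $1 is an IPv4 CIDR inside an RFC 1918 private block.
is_private_cidr() {
    addr=${1%/*}; len=${1#*/}
    [ "$addr" != "$1" ] || return 1                  # no "/" in the argument
    case "$addr" in ''|*[!0-9.]*|*.) return 1 ;; esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs  # split into octets
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    case "$1.$2" in
        10.*)                            [ "$len" -ge 8 ] ;;
        172.1[6-9]|172.2[0-9]|172.3[01]) [ "$len" -ge 12 ] ;;
        192.168)                         [ "$len" -ge 16 ] ;;
        *)                               return 1 ;;
    esac
}

# Print the subnet(s) Docker assigned to a network (default network: bridge).
network_subnet() {
    docker network inspect "${1:-bridge}" \
        --format '{{range .IPAM.Config}}{{.Subnet}} {{end}}'
}

# Print UFW and iptables rules letting SUBNET reach the host, or only TCP PORT.
host_access_rules() {
    subnet=$1; port=${2:-}
    if ! is_private_cidr "$subnet"; then
        echo "refusing non-private subnet: $subnet" >&2; return 1
    fi
    # iptables -I inserts ahead of existing rules, so an earlier DROP/REJECT
    # in the INPUT chain cannot shadow the new ACCEPT.
    if [ -z "$port" ]; then
        echo "ufw allow from $subnet"
        echo "iptables -I INPUT -s $subnet -j ACCEPT"
        return 0
    fi
    case "$port" in *[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi
    echo "ufw allow from $subnet to any port $port proto tcp"
    echo "iptables -I INPUT -s $subnet -p tcp --dport $port -j ACCEPT"
}

host_access_rules 172.18.0.0/16 8080   # dry run with the article's subnet
```

Run the printed lines with sudo after reviewing them. The port-scoped form exposes a single host service to containers instead of every port the host is listening on.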

For managed hosting services like AWS, you may not need to change anything—security groups are network firewalls that sit in front of instances, and shouldn’t affect internal traffic.