There are a few possible causes of this - from the docker daemon having inter-container communication (
icc) disabled to iptables having a default rule of deny. This doc will cover some, but not all, of the possible causes - and an instance may suffer from multiple at once.
This can be detected by running
docker info and searching for
icc. By default, this string will not appear in the output, and if it is set to false this will disable inter-container communication.
iptables default deny
If the output of
iptables -L contains
iptables -P INPUT DROP, any routes to the host not explicitly covered will be blocked. This can be resolved by running
iptables -A INPUT -i docker0 -j ACCEPT to allow all incoming connections from the docker0 bridge, which is internal to the server.
If this resolves the problem, you will need to persist the new iptables rule somehow.
iptables-persistent is the standard way to do this.