Docker Network Not Accessible: Troubleshooting Container Connectivity

# Docker Network Not Accessible: Troubleshooting Container Connectivity

Your containers are running, but they can't reach each other or the outside world. Network issues in Docker can be tricky because they involve multiple layers—the container's network stack, Docker's networking drivers, and the host's network configuration.

You might see errors like:

curl: (6) Could not resolve host: api.example.com

Or:

Connection refused

Or containers simply timing out when trying to connect to each other.

Understanding Docker Network Types

Before diving into fixes, understand the network types:

• bridge: Default network for containers. Containers can communicate if on the same bridge network.
• host: Container shares the host's network namespace. No isolation.
• none: No networking. Completely isolated.
• overlay: For multi-host communication in Swarm mode.
• macvlan: Container gets its own MAC address, appears as physical device.

docker network ls

Quick Diagnostics

Check Container Network

docker inspect <container_name> --format '{{json .NetworkSettings.Networks}}' | jq

Test DNS Resolution

docker exec <container_name> nslookup google.com

Test Connectivity

docker exec <container_name> ping -c 3 8.8.8.8
docker exec <container_name> curl -v http://example.com

Check If Containers Are on Same Network

docker network inspect <network_name> --format '{{range .Containers}}{{.Name}} {{end}}'

Common Causes and Fixes

Cause 1: DNS Resolution Failure

Containers can't resolve hostnames but can ping IP addresses.

Symptoms: `` curl: (6) Could not resolve host: api.example.com ping: bad address 'google.com'

Diagnosis: ```bash # Test if DNS works at all docker exec <container_name> nslookup google.com

# Check DNS servers container is using docker exec <container_name> cat /etc/resolv.conf

# Compare with host DNS cat /etc/resolv.conf ```

Fix 1: Set DNS servers explicitly

docker run --dns 8.8.8.8 --dns 8.8.4.4 <image>

In Docker Compose:

services:
  myapp:
    image: myimage:latest
    dns:
      - 8.8.8.8
      - 8.8.4.4

Fix 2: Configure daemon-wide DNS

Edit /etc/docker/daemon.json:

{
  "dns": ["8.8.8.8", "8.8.4.4"]
}

sudo systemctl restart docker

Fix 3: Use host DNS mode

For containers that need exact host DNS behavior:

docker run --network host <image>

Cause 2: Containers on Different Networks

Two containers can't communicate because they're on different bridge networks.

Symptoms: - Container A can't reach Container B - Connection refused or timeout errors - Each container has different IP range

Diagnosis: ```bash # Check which networks each container is on docker inspect <container_a> --format '{{range $k, $v := .NetworkSettings.Networks}}{{$k}} {{end}}' docker inspect <container_b> --format '{{range $k, $v := .NetworkSettings.Networks}}{{$k}} {{end}}'

# Get IP addresses docker inspect <container_a> --format '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' docker inspect <container_b> --format '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ```

Fix 1: Connect containers to same network

```bash # Create a network if needed docker network create mynetwork

# Connect both containers docker network connect mynetwork <container_a> docker network connect mynetwork <container_b> ```

Fix 2: Use Docker Compose networks

```yaml services: app: image: myapp:latest networks: - backend db: image: postgres:15 networks: - backend

networks: backend: driver: bridge ```

Fix 3: Use container name for discovery

On a user-defined network, containers can reach each other by name:

docker run --network mynetwork --name app myapp
docker run --network mynetwork --name db postgres

Now app can connect to db:5432.

Cause 3: Firewall Blocking Container Traffic

The host firewall (iptables, ufw, firewalld) blocks Docker traffic.

Symptoms: - External access works but certain ports blocked - Intermittent connectivity issues - Specific protocols blocked

Diagnosis: ```bash # Check iptables rules sudo iptables -L -n -v

# Check UFW status (Ubuntu) sudo ufw status verbose

# Check firewalld (CentOS/RHEL) sudo firewall-cmd --list-all ```

Fix 1: Add Docker rules to firewall

For UFW, edit /etc/ufw/after.rules and add:

# BEGIN UFW AND DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
# END UFW AND DOCKER

Fix 2: Allow Docker traffic

```bash # For UFW sudo ufw allow from 172.17.0.0/16 sudo ufw reload

# For firewalld sudo firewall-cmd --permanent --zone=trusted --add-interface=docker0 sudo firewall-cmd --reload ```

Fix 3: Disable firewalld for Docker (CentOS)

Edit /etc/docker/daemon.json:

{
  "iptables": true
}

sudo systemctl restart docker

Cause 4: Port Not Exposed or Published

Container is listening on a port but it's not accessible from outside.

Symptoms: `` curl: (7) Failed to connect to localhost port 8080: Connection refused

Diagnosis: ```bash # Check what ports are exposed docker port <container_name>

# Check if process is listening inside container docker exec <container_name> netstat -tlnp ```

Fix 1: Publish the port

docker run -p 8080:80 <image>

Fix 2: Expose in Dockerfile

EXPOSE 80

Then publish at runtime:

docker run -P <image>  # -P publishes all exposed ports

Fix 3: Use host network mode

docker run --network host <image>

Cause 5: MTU Issues

Network packets are dropped due to MTU mismatch, common in VPNs or virtualization.

Symptoms: - Small requests work, large requests hang - SSH works but file transfers fail - Intermittent timeouts

Diagnosis: ```bash # Check container MTU docker exec <container_name> ip link show eth0

# Check host MTU ip link show

# Test with different packet sizes docker exec <container_name> ping -s 1472 -M do 8.8.8.8 ```

Fix 1: Set Docker MTU

Edit /etc/docker/daemon.json:

{
  "mtu": 1400
}

sudo systemctl restart docker

Fix 2: Set per-network MTU

docker network create --opt com.docker.network.driver.mtu=1400 mynetwork

Cause 6: IP Address Conflicts

Docker network IP range conflicts with host network.

Symptoms: - Random connectivity failures - Can't reach certain IP ranges - Routing issues

Diagnosis: ```bash # Check Docker network subnet docker network inspect bridge --format '{{range .IPAM.Config}}{{.Subnet}}{{end}}'

# Check host routes ip route ```

Fix: Use different subnet

# Create network with specific subnet
docker network create --subnet=192.168.100.0/24 mynetwork

Or in daemon configuration:

{
  "bip": "192.168.100.1/24"
}

Cause 7: Overlay Network Issues (Swarm)

In Docker Swarm, overlay networks have additional requirements.

Symptoms: - Containers on different nodes can't communicate - Service discovery fails

Fix: Check Swarm prerequisites

```bash # Ensure ports are open # 2377/tcp - cluster management # 7946/tcp+udp - node discovery # 4789/udp - VXLAN

# Check if node is in swarm docker node ls

# Inspect overlay network docker network inspect ingress ```

Create overlay network properly:

docker network create --driver overlay --attachable myoverlay

Verification Steps

After applying fixes:

1. 1.Test DNS resolution:
2. 2.```bash
3. 3.docker exec <container> nslookup google.com
4. 4.`
5. 5.Test inter-container connectivity:
6. 6.```bash
7. 7.docker exec <container_a> ping -c 3 <container_b>
8. 8.`
9. 9.Test external connectivity:
10. 10.```bash
11. 11.docker exec <container> curl -I https://google.com
12. 12.`
13. 13.Test port accessibility:
14. 14.```bash
15. 15.curl http://localhost:<published_port>
16. 16.`
17. 17.Check network configuration:
18. 18.```bash
19. 19.docker network inspect <network_name>
20. 20.`

Docker network issues usually boil down to DNS, firewall rules, or network isolation. Systematically test DNS, connectivity, and firewall rules to isolate the problem.