Can't reach host port from container, linux/linux

Kind of a docker noob here, on Linux Mint 19.3 running Docker-CE 20.10.8 and multiple containers of Ubuntu images via docker-compose (1.29.2).

The containers can communicate between themselves in the default bridge mode, but can’t reach any services on the host (aka host.docker.internal, as configured via extra_hosts). Ping to host.docker.internal works, so the routing seems fine.

Any advice about where I should be looking?

Any chance those services on the host only allow connections from localhost? If yes, then I assume that traffic from the containers still seems to originate from localhost, but: maybe not?

(Requests from the host to a container surely are not considered to originate from what the container thinks is localhost. But that’s the other way around.)

Thanks. I’ve tried using netcat to set up a listener on the host, bound to various interfaces. It doesn’t seem to make a difference.

Ah, apparently I ran into this known issue with iptables/ufw: Best Practices for Docker and UFW · Issue #777 · docker/for-linux · GitHub
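The two checks this thread turns on, as an added shell example that is not from the original posts or from Docker itself: listing which host listeners are bound only to loopback (the hypothesis in the first reply, since a container's packets arrive on the bridge gateway address, not on 127.0.0.1) and probing a host listener from a container through host.docker.internal (the netcat experiment from the follow-up). The live probe assumes Docker 20.10+ for the `host-gateway` alias, that port 18080 is free, and that `python3`, `ss` and the `alpine` image are available; the `ss` output classified by default is a constructed sample, not output captured from the poster's machine.

```shell
#!/bin/sh
# Added example, not code from the original thread or from Docker.
# Usage: ./host-reach.sh        -> classify a constructed ss sample (offline)
#        ./host-reach.sh live   -> classify real listeners and probe from a container

# Classify `ss -tlnH` lines: print "port bound-address verdict" per TCP listener.
# A socket bound to 127.0.0.1 or [::1] cannot be reached from a container via
# host.docker.internal: the container's packets enter the host on the docker0
# gateway address (172.17.0.1 by default), not on the loopback interface.
classify_listeners() {
  awk '{
    n = split($4, a, ":"); port = a[n]
    addr = substr($4, 1, length($4) - length(port) - 1)
    verdict = (addr == "127.0.0.1" || addr == "[::1]") ? "loopback-only" : "reachable-from-bridge"
    print port, addr, verdict
  }'
}

# Constructed sample of `ss -tlnH` output (assumption: typical column layout;
# column 4 is Local Address:Port).
SAMPLE_SS='LISTEN 0 128   127.0.0.1:5432   0.0.0.0:*   users:(("postgres",pid=1234,fd=5))
LISTEN 0 128   0.0.0.0:22       0.0.0.0:*   users:(("sshd",pid=800,fd=3))
LISTEN 0 511   *:80             *:*         users:(("nginx",pid=900,fd=6))
LISTEN 0 128   [::1]:631        [::]:*      users:(("cupsd",pid=700,fd=7))'

# Live probe (requires Docker; only run with the "live" argument). Starts a
# throwaway HTTP listener on the host bound to $1, then fetches it from a
# container. --add-host host.docker.internal:host-gateway maps the name to the
# bridge gateway (Docker 20.10+). Returns 0 if the container reached the host.
probe_from_container() {
  bind_addr=$1
  port=${2:-18080}   # assumed to be free on the host
  python3 -m http.server --bind "$bind_addr" "$port" >/dev/null 2>&1 &
  srv=$!
  sleep 1
  docker run --rm --add-host host.docker.internal:host-gateway alpine \
    wget -qO /dev/null -T 3 "http://host.docker.internal:$port/" && rc=0 || rc=$?
  kill "$srv" 2>/dev/null
  return "$rc"
}

if [ "${1:-}" = "live" ]; then
  echo "Host listeners and their reachability from the bridge network:"
  ss -tlnH | classify_listeners
  for addr in 127.0.0.1 0.0.0.0; do
    if probe_from_container "$addr"; then
      echo "listener on $addr: reachable from container"
    else
      echo "listener on $addr: NOT reachable from container"
    fi
  done
else
  echo "Classification of the constructed sample:"
  printf '%s\n' "$SAMPLE_SS" | classify_listeners
fi
```

With `live`, a listener on 127.0.0.1 is expected to fail and one on 0.0.0.0 to succeed. If the 0.0.0.0 probe also fails, the packets are being dropped on the host rather than never arriving, which is where the UFW rules from issue #777 come in: `ufw status verbose` and `sudo iptables -S INPUT` show whether traffic arriving on docker0 is allowed.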