Closed port. Where?

Hello.

I have EC2 instance in private subnet on AWS. When I do bring your own node in docker cloud, I get fail to connect to docker server. In the log file I can see error closed port 2375. But I`ve opened 2375 port inbound and outbound in all security groups in my VPC. Where I forgot to open the port?

My structure on AWS: one VPC with private and public subnets. Internet traffic goes in Private subnet from NAT gateway. Is there firewall on NAT instance maybe?