Check in /var/log/iptables/current as it might be dropped by iptables on SME.
Docker version 17.06.0-ce, build 02c1d87
It seems that the container sends it's packets to the internal NIC (192....) and it stops there...
denylog: IN=docker0 OUT= MAC=02:42:c0:13:1f:a9:02:42:ac:11:00:02:08:00 SRC=172.17.0.2 DST=192.168.147.2 LEN=82 TOS=00 PREC=0x00 TTL=64 ID=37635 CE DF PROTO=UDP SPT=45006 DPT=53 LEN=62
and this the auto created bridge on SME by docker at docker service start:
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
ether 02:42:c0:13:1f:a9 txqueuelen 0 (Ethernet)
RX packets 122 bytes 33405 (32.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 106 bytes 25973 (25.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
and this is the container's ethernet:
eth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:02
inet addr:172.17.0.2 Bcast:0.0.0.0 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:109 errors:0 dropped:0 overruns:0 frame:0
TX packets:127 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:26253 (26.2 KB) TX bytes:35525 (35.5 KB)
I can ping from the container to SME on both internal and external NIC's
and this are the auto added iptables rules by docker at start of the docker service:
Chain DOCKER (1 references)
target prot opt source destination
Chain DOCKER-ISOLATION (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
And these are the details of the auto created bridge:
[
{
"Name": "bridge",
"Id": "7f5f9cdc4f7ec26d71ca5c21c203472bbb94ab20648ebb4ee717a03bf308a67a",
"Created": "2017-08-04T13:47:02.564051444+02:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]