I have a CentOS 7.2 host running Docker 19.03. All docker containers are in a bridge network (172.18.0.0/16). From the host I can ping the gateway (172.18.0.1) but not my containers (172.18.0.2 and 172.18.0.3). And from my containers I can also ping the gateway but not my host.
The bridge network has basically the default configuration. But is there something else I'm missing?
Docker uses iptables and a kernel module called br_netfilter to manage inter-container networking. When the Docker daemon starts, it creates a variety of iptables rules it requires to operate. And every time a new container is provisioned, additional rules are created and manipulated. If iptables is in a weird state, has been modified by you, or is not installed, this could cause your issue.
I mentioned br_netfilter above. It operates in a similar way. You can confirm the kernel module is loaded with the lsmod command, e.g.: lsmod | grep br_netfilter. If it is not loaded, then you can load it with modprobe, e.g.: modprobe br_netfilter. If it is not available, then the kernel module is not installed in your compiled kernel. If you succeed in running modprobe to load the module, then you will need to modify /etc/modprobe.conf or drop a file in /etc/modprobe.d to ensure persistence of kernel modules between reboots.
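The two checks described in the answer above, as an added example that is not part of the original post: one function looks for br_netfilter in /proc/modules (the data lsmod prints), the other reads iptables-save output and reports Docker chains that are absent. The function names, the list of expected chains (DOCKER in nat and filter, DOCKER-USER in filter) and the sample data are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: offline-testable checks for br_netfilter and Docker's chains.

# Succeeds if module $1 is listed in a /proc/modules-format file ($2, "-" = stdin).
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "${2:-/proc/modules}"
}

# Reads iptables-save output (file $1 or stdin) and prints each expected
# Docker chain that is absent, as table/chain. The list is an assumption.
missing_docker_chains() {
    rules=$(cat "${1:--}")
    for want in nat:DOCKER filter:DOCKER filter:DOCKER-USER; do
        printf '%s\n' "$rules" | awk -v t="${want%%:*}" -v c=":${want#*:}" '
            /^\*/ { cur = substr($0, 2) }      # "*nat" starts the nat table
            cur == t && $1 == c { found = 1 }  # ":DOCKER - [0:0]" declares a chain
            END { exit !found }' || echo "${want%%:*}/${want#*:}"
    done
}

# Constructed sample data (not captured from a real host).
sample_modules() {
    cat <<'EOF'
br_netfilter 22256 0 - Live 0xffffffffc0000000
bridge 151336 1 br_netfilter, Live 0xffffffffc0010000
EOF
}
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
COMMIT
*filter
:FORWARD DROP [0:0]
:DOCKER-USER - [0:0]
COMMIT
EOF
}

# Demo on the samples. On a live host (as root) use instead:
#   module_loaded br_netfilter; iptables-save | missing_docker_chains
sample_modules | module_loaded br_netfilter - && echo "br_netfilter: loaded"
sample_rules | missing_docker_chains | sed 's/^/missing chain: /'
```

A missing chain in the output suggests the rules Docker created at daemon start have been flushed or overwritten since.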