Maybe this is due to the current version, but the current answer doesn't work on my system (Docker 0.7.2 with base Ubuntu image).
The solution is explained here in the official Docker documentation.
For the lazy ones:
edit /etc/default/ufw to change DEFAULT_FORWARD_POLICY's value to "ACCEPT",
reload with [sudo] ufw reload.
This ensures ufw forward your traffic to the Docker's bridged network (as of my current understanding of these things...).
This fixed it for me:
ufw allow in on docker0
Edit /etc/ufw/before.rules as follows:
In the *filter section, after the first block of required lines, add:
# docker rules to enable external network access from the container
# forward traffic accross the bridge
-A ufw-before-forward -i docker0 -j ACCEPT
-A ufw-before-forward -i testbr0 -j ACCEPT
-A ufw-before-forward -m state --state RELATED,ESTABLISHED -j ACCEPT
At the end of the file, after the line that says COMMIT, add the following section:
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.16.42.0/8 -o eth0 -j MASQUERADE
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT
After saving the file, restart ufw with sudo ufw disable && sudo ufw enable