I followed the steps here  to get a local Rancher server up and running. Having got a single node up and registered with Rancher as explained, I repeated the step to have a second host (VM).
I then started a service on each box that listened on an exposed port (visible via that 192.168.99 network), but could not access that port via the 10.42 network. Or rather, I could access the local port, but not the one on the other node.
I’ve read the details here  on cross host communication. In my setup, I don’t just have a rancher/agent-instance:v0.8.1 container, I have a rancher/agent:v1.0.1 container too, and I only see the iptables rules inside the second container, which differs from what is described on that page.
I also see, in the logs of the rancher/agent-instance the same issue as is reported here , but I don’t know if that is particularly an issue, because the next command in the apply.sh script executes successfully.
I also see the same issue when deploying Rancher on EC2. Any ideas what I might be missing when it comes to getting the overlay network to actually work?