hi
I want to access a container from outside of network, for example I run:

 docker run -d -p 80:80 --name webTest nginx

on my VPS,and I can not see nginx welcome page over internet.

I tried to change network of container to host with this command:

docker run -d --network host --name webTest nginx

and It is worked over internet, But in this mode I can’t change the publish port with -p and in addition I don’t want to change the defined ports inside of containers.
Is there any way to access container without host network over internet?

Thanks.

Check your firewall. UFW for example:

But it can be firewalld or anything. It depends on the Linux distribution.

Thank you.
ufw is not installed and OS is ubuntu 20.04 LTS, I clear and disable all rule of iptables after run container

docker run -d -p 80:80 --name webTest2 nginx
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

and it is ok now and I can access the container from outside of network.
but this solution is not good ,vulnerability and new docker run is not work.
I don’t know what is need in iptables rules and how to do it?
Can you make an example with iptables?

Thanks.

I am not an expert at IPtables and I don’t think that this is the solution either. You should find what writes those rules. Check the running services on your host and try to find what they are doing by googling there name like “firewalld linux” or “unknownfirewallsoftware linux”.

Docker also writes iptables rules by default, so I would not reset them.

How did you installed Docker? Is it from the official Docker APT repository?

Yes it was official.
I can not config iptables to work successfully. I tried many iptables scenarios with no success.
I finally changed the ubuntu to CentOS 7 and everything is ok with default configuration.

Thanks.