I have previously posted on serverfault with no success: networking - Docker service unreachable on host-IP, but works on localhost - Server Fault , let me try it here:
I want to access a docker container with a published port from the host machine using the host LAN IP (not the internal container IP, not the external WAN IP). I can access the container port via localhost and can access the container with the LAN IP from other hosts. Also on the host I can access ports just fine using the LAN IP, just nothing in a container.
I don’t have this behavior on another docker host (raspberrypi), so it must be some setting on this specific docker host (Synology Diskstation), I just don’t know where and what else to check.
Host: 192.168.178.188
Docker Container: 172.17.0.2
Directly the host 
- Starting a netcat [1] listen session:
$ netcat -vvl -p 8182 - Connecting [2] to it from the same host:
$ netcat 192.168.178.188 8182
foo
- Receiving message from [2] with [1]
$ netcat -vvl -p 8182
foo
Also connecting to localhost 8182, or 127.0.0.1 8182 works.
From the host to docker 
- Starting a network test container:
docker run -ti --rm -p 1180:1180 -p 11443:11443 -p 8181:8181 -e HTTP_PORT=1180 -e HTTPS_PORT=11443 wbitt/network-multitool:alpine-extra /bin/bash - Checking container IP
bash-5.1# ip a s|sed -ne '/127.0.0.1/!{s/^[ \t]*inet[ \t]*\([0-9.]\+\)\/.*$/\1/p}'
172.17.0.2
- Starting a netcat listen session inside the container:
bash-5.1# nc -vvl -p 8181
Listening on [0.0.0.0] (family 0, port 8181)
- Receiving a connection via the internal docker IP :
# host
$ netcat 172.17.0.2 8181
bar
# container
bash-5.1# nc -vvl -p 8181
Listening on [0.0.0.0] (family 0, port 8181)
Connection from 172.17.0.1 36172 received!
bar
- Receiving a connection via localhost :
# host
$ netcat 127.0.0.1 8181
foobar
# container
bash-5.1# nc -vvl -p 8181
Listening on [0.0.0.0] (family 0, port 8181)
Connection from 172.17.0.1 40582 received!
foobar
- Receiving a connection via the local LAN IP of the host :
# host
$ netcat 192.168.178.188 8181
# container
bash-5.1# nc -vvl -p 8181
Listening on [0.0.0.0] (family 0, port 8181)
#host
$ nc -zv 192.168.178.188 8181
DiskStation.domain.local [192.168.178.188] 8181: Network is unreachable
$ nc -zv localhost 8181
localhost [127.0.0.1] 8181 open
I have tried starting the container with specific IP:Port mappings. i.e. -p 192.168.178.188:8181:8181 with no luck - same problem.
- Receiving a connection from another host in the network
I’m going to spare you the details on the last one, but same as before: connecting via netcat with the local LAN IP (192.168.178.188) works.
The problem seems to be that I can only connect to containers from the host using localhost & their internal IP - here comes the kicker: I don’t have that problem on another docker host (raspberrypi 4). I can call the same commands I showed above and everything works.
I ran tcpdump and I always receive two packets when trying to to nc 192.168.178.188 8181:
7 2.669182 192.168.178.188 172.17.0.2 TCP 76 35912 → 8181 [SYN] Seq=0 Win=43690 Len=0 MSS=65495 SACK_PERM=1 TSval=7727405 TSecr=0 WS=128
8 2.669189 192.168.178.188 172.17.0.2 TCP 76 [TCP Out-Of-Order] [TCP Port numbers reused] 35912 → 8181 [SYN] Seq=0 Win=43690 Len=0 MSS=65495 SACK_PERM=1 TSval=7727405 TSecr=0 WS=128
How can I make this docker host behave the same as the other hosts I have? Why doesn’t it like the LAN IP?