Can't access container over specified port

General Discussions
1

Hello guys.

I’ve got some ridiculous situation when can’t access my docker container over its mapped port. Running all like usual:

run container with simple python web app (hello world style app just to test connection)
~# docker run --rm -d -p 192.168.1.102:8080:5000 flask-app
b3407bde527cc4085e2ea794ceb59e1263121f0182e0e738d6fb74a10f4b361b

check it out
~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b3407bde527c flask-app “python -m flask run…” 9 seconds ago Up 8 seconds 192.168.1.102:8080->5000/tcp silly_morse

check that port is up on local IP
~# netstat -tulpn|grep 8080
tcp 0 0 192.168.1.102:8080 0.0.0.0:* LISTEN 5887/docker-proxy

check if port is accessible from host side

  1. ~# nc -zv 192.168.1.102 8080
    192.168.1.102 8080 (http-alt): Connection timed out

  2. ~# curl -v http://192.168.1.102:8080

  • Rebuilt URL to: http://192.168.1.102:8080/
  • Trying 192.168.1.102…
  • TCP_NODELAY set
  • connect to 192.168.1.102 port 8080 failed: Connection timed out
  • Failed to connect to 192.168.1.102 port 8080: Connection timed out
  • Closing connection 0
    curl: (7) Failed to connect to 192.168.1.102 port 8080: Connection timed out

firewall rules are good btw
~# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION
-N DOCKER-USER
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5000 -j ACCEPT
-A DOCKER-ISOLATION -j RETURN
-A DOCKER-USER -j RETURN

The same situation if use ‘any’ interface/IP (-p 0.0.0.0:8080:5000).

Current host OS is Arch 2018 (Linux 4.14.32-1-lts #1 SMP Sun Apr 1 11:41:45 CEST 2018 x86_64 GNU/Linux) and docker version is 18.03.0-ce build 0520e24302.
Also tried to replace existing binaries with the latest version according to official doc but no luck.

Looks like docker-proxy service is not working properly or not handling connections.
The container itself is ok and accessible over http request if run curl cmd from another container.

Can’t find the root of the problem, would be glad for any advise, thank you!