Docker service network issue. (Can not connect from other host)

Hi guy,

I got 2 problem on docker service network.

When I use docker service create container with publish port, I cannot connect to my container from other host. But it works when I using docker run to create container with the same image.

This is what I did to build container:

[root@docker1 ~]# docker service create --name web5678 --replicas 3 --publish 5678:80 nginx
[root@docker1 ~]# docker run -d -p 5679:80 nginx
[root@docker1 ~]# 
[root@docker1 ~]# firewall-cmd --zone=public  --add-port=5678/tcp
[root@docker1 ~]# firewall-cmd --zone=public  --add-port=5679/tcp

When I use curl to connect to 5678 port, it shows:

curl: (7) Failed connect to; No route to host

But connect to 5679 port, it works fine.

After I used docker service rm to remove the docker services, the services is gone, but the publish ports mapped by docker service are still locked by docker process. I have no idea how to release these ports.

This is how it looks like now:

[root@docker1 ~]# ss -lntpu |grep docker
udp UNCONN 0 0 :::7946 :::* users:((“dockerd”,pid=1555,fd=24))
tcp LISTEN 0 128 :::2377 :::* users:((“dockerd”,pid=1555,fd=16))
tcp LISTEN 0 128 :::7946 :::* users:((“dockerd”,pid=1555,fd=19))
tcp LISTEN 0 128 :::5678 :::* users:((“dockerd”,pid=1555,fd=43))
tcp LISTEN 0 128 :::5679 :::* users:((“docker-proxy”,pid=8235,fd=4))
tcp LISTEN 0 128 :::9999 :::* users:((“dockerd”,pid=1555,fd=40))
tcp LISTEN 0 128 :::8080 :::* users:((“dockerd”,pid=1555,fd=38))
tcp LISTEN 0 128 :::80 :::* users:((“dockerd”,pid=1555,fd=36))
tcp LISTEN 0 128 :::888 :::* users:((“dockerd”,pid=1555,fd=39))
tcp LISTEN 0 128 :::443 :::* users:((“dockerd”,pid=1555,fd=37))

It seems there’s some problem between firewalld and docker swarm.

After I disable firewalld and reboot, everything works just fine.

I can connect docker service container from the other host and the port will release after using docker service rm.