Exposing large range of ports is not viable

My experience is that anything over 1000 ports will cause errors like the following:

iptables failed: iptables --wait -t nat -A DOCKER -p udp -d 0/0 --dport 50387 -j DNAT --to-destination 172.18.0.7:50387 ! -i docker_gwbridge:  (fork/exec /sbin/iptables: resource temporarily unavailable)

Host networking seems like a common way to get around this, but it’s often not an option (swarm mode, etc.).
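Because Docker inserts one DNAT rule per published port per protocol (the quoted error shows a single `--dport 50387` rule being added), the cost of a port range scales with its size. The following is an added example, not code from the original post or from Docker, that parses compose-style port specs (`[[HOST_IP:]HOST_PORT[-END]:]CONTAINER_PORT[-END][/PROTO]`) and flags any spec whose range exceeds the roughly 1000-port threshold reported above, so oversized publications can be caught in a config review rather than at `iptables` time. The assumption that each host port costs exactly one rule per protocol is a simplification; forms such as an empty (ephemeral) host port are rejected rather than modelled.

```python
"""Estimate how many per-port DNAT rules a set of Docker port publications
implies, so over-large ranges are caught before they reach iptables.

Added example, not from the original post or from Docker. Assumptions:
 - compose short syntax [[HOST_IP:]HOST_PORT[-END]:]CONTAINER_PORT[-END][/PROTO]
 - every published host port costs one DNAT rule (simplification)
 - the 1000-port threshold is the figure reported in the post, not a Docker limit
"""
import re

_RANGE = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?$")


def _range_size(text: str) -> int:
    """Return the number of ports in a spec fragment such as '80' or '8000-8100'."""
    m = _RANGE.match(text)
    if not m:
        raise ValueError(f"bad port or range: {text!r}")
    lo = int(m.group(1))
    hi = int(m.group(2) or lo)
    if not (1 <= lo <= hi <= 65535):
        raise ValueError(f"port range out of order or out of bounds: {text!r}")
    return hi - lo + 1


def published_ports(spec: str) -> int:
    """Number of host ports a single compose-style port spec publishes."""
    body, _, proto = spec.partition("/")
    proto = proto or "tcp"
    if proto not in ("tcp", "udp", "sctp"):
        raise ValueError(f"unknown protocol in {spec!r}")
    parts = body.split(":")
    if len(parts) > 3:  # [ip:]host:container is the longest form handled here
        raise ValueError(f"unsupported spec: {spec!r}")
    container = _range_size(parts[-1])
    # With no host part, Docker publishes the same port number on the host.
    host = _range_size(parts[-2]) if len(parts) >= 2 else container
    # A host range must map onto an equally sized container range (or one port).
    if container not in (1, host):
        raise ValueError(f"host and container ranges differ in size: {spec!r}")
    return host


def dnat_rule_estimate(specs) -> int:
    """Total DNAT rules implied by a list of port specs (one per host port)."""
    return sum(published_ports(s) for s in specs)


def oversized_specs(specs, limit: int = 1000):
    """Return the specs whose range alone exceeds `limit` published ports."""
    return [s for s in specs if published_ports(s) > limit]


if __name__ == "__main__":
    # Constructed sample: a typical service plus a large UDP media range.
    sample = ["80", "443:443", "127.0.0.1:8000-8010:8000-8010",
              "50000-51000:50000-51000/udp"]
    print("estimated DNAT rules:", dnat_rule_estimate(sample))
    print("over threshold:", oversized_specs(sample))
```

Run it against the `ports:` entries of a compose file before deploying; a spec listed by `oversized_specs` is the one to shrink, split across hosts, or replace with host networking where that is an option.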