I might have broken container port mapping

Port mapping is not working. I don’t know if it was something I did or what.

Setup: Arch Linux with kernel 5.16, Docker 20.10.12, using nginx-proxy with its acme companion to get certs for various apps in other containers. Everything was definitely working well.

Then all of a sudden I started getting 502 errors from the nginx proxy. It couldn’t reach the containerized apps on the ports I had specified. After investigating, I found out that the other containers were just opening up whatever ports they wanted to on the host. The host even thinks that the originally specified port is open, but it isn’t. So, for example, one of my apps is just nginx again, serving a website. I have told Docker to map port 8001 on the host to 80 in the container. And then when I use lsof to show what ports are open on the host, I see 8001 in use. But then I can’t access anything on that; I can access it on port 80 (even though 80 is also in use by the nginx proxy). nmap confirms that it’s only port 80 that’s open on the container.

One thing I did recently was change the default policy in the FORWARD chain in iptables. I don’t see why changing the default would matter for packets that were already being routed somewhere.

What info would help anyone diagnose this?
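
One way to gather the firewall side of this, as an added example that is not part of the original post: the script below reads `iptables-save` output and checks the FORWARD policy plus the three rules Docker normally installs for a published port (the nat DNAT, the FORWARD jump to the `DOCKER` chain, and the per-container ACCEPT). It assumes the default bridge driver with Docker managing iptables; the sample dump, its addresses and interface names are constructed.

```shell
#!/bin/sh
# Added example. Reads `iptables-save` output on stdin and checks the rules a
# published port relies on. Prints findings; returns 0 only if all are present.
check_publish() {
    port=$1; rc=0; dump=$(cat)
    # Default policy of the filter table's FORWARD chain.
    policy=$(printf '%s\n' "$dump" |
        awk '/^\*/{t=$1} t=="*filter" && $1==":FORWARD"{print $2; exit}')
    echo "forward_policy=${policy:-unknown}"
    # nat table: DNAT from the host port to container ip:port.
    dnat=$(printf '%s\n' "$dump" | grep -E -- "^-A DOCKER .*--dport $port -j DNAT" |
        sed -n 's/.*--to-destination \([0-9.:]*\).*/\1/p' | head -n 1)
    echo "dnat=${dnat:-missing}"; [ -n "$dnat" ] || rc=1
    # filter table: FORWARD must still jump to the DOCKER chain for the bridge.
    if printf '%s\n' "$dump" | grep -Eq -- '^-A FORWARD -o [^ ]+ -j DOCKER$'; then
        echo "forward_jump=present"
    else
        echo "forward_jump=missing"; rc=1
    fi
    # filter table: DOCKER chain must ACCEPT the translated destination.
    ip=${dnat%:*}; cport=${dnat##*:}
    if [ -n "$dnat" ] && printf '%s\n' "$dump" |
        grep -Eq -- "^-A DOCKER -d $ip/32 .*--dport $cport -j ACCEPT"; then
        echo "accept=present"
    else
        echo "accept=missing"; rc=1
    fi
    return $rc
}

# Constructed sample dump (addresses and interface names are assumptions).
sample_ok() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8001 -j DNAT --to-destination 172.17.0.2:80
COMMIT
*filter
:FORWARD DROP [0:0]
:DOCKER - [0:0]
-A FORWARD -o docker0 -j DOCKER
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}
# Constructed failure case: same dump with the FORWARD jump removed.
sample_broken() { sample_ok | grep -v -- '^-A FORWARD'; }

sample_ok | check_publish 8001
sample_broken | check_publish 8001 || echo "published port 8001 is not fully wired"
```

On a real host, feed it the live ruleset with `iptables-save | check_publish 8001` (as root) and include the output alongside `docker port <container>` when asking for help.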