Expected behavior
I should be able to connect to a docker container bound to a privileged port (<1024) from the local network (i.e. not from the host machine).
Actual behavior
Connections to privileged ports (<1024) from outside the host time out.
Steps to Reproduce
On my local machine (192.168.1.2) I create a container running on port 80:
docker run -p 80:80 -d --cap-add NET_BIND_SERVICE nginx
I can access this container through localhost:
$ curl --head --write-out '%{http_code}\n' localhost:80
HTTP/1.1 200 OK
But I get a timeout when trying to access this from another machine on the network (192.168.1.3):
$ curl --head --write-out '%{http_code}\n' 192.168.1.2:80
000
curl: (7) couldn't connect to host
If I repeat this but bind the docker container to a higher port the connection from the LAN works as expected.
docker run -p 8080:80 -d nginx
$ curl --head --write-out '%{http_code}\n' 192.168.1.2:8080
HTTP/1.1 200 OK
Information
Docker for Mac: version: mac-v1.11.2-beta15
OS X: version 10.11.5 (build: 15F34)
logs: /tmp/20160613-094439.tar.gz
failure: No error was detected
[OK] docker-cli
[OK] app
[OK] menubar
[OK] virtualization
[OK] system
[OK] osxfs
[OK] db
[OK] slirp
[OK] moby-console
[OK] logs
[OK] vmnetd
[OK] env
[OK] moby
[OK] driver.amd64-linux