Port mapping in ubuntu 15.04 trying to run consul container

hello all,
and thank you in advance for reading this.

…I am trying to test consul with docker:

$ docker --version
Docker version 1.9.1, build a34a1d5

…I have a simple Dockerfile, based on ubuntu:15.04 where I download and run the consul binary, exposing the 3 ports 8400, 8500 and 8600:

FROM ubuntu:15.04
RUN apt-get -y --force-yes --fix-missing update
RUN DEBIAN_FRONTEND=noninteractive apt-get -y --force-yes install curl nmap dnsutils git sed bc vim zip unzip openssh-server openssh-client
RUN mkdir -p /build
RUN mkdir -p /app/config
RUN mkdir -p /app/tmp
RUN mkdir -p /app/bin
WORKDIR /build
RUN wget https://releases.hashicorp.com/consul/0.6.1/consul_0.6.1_linux_amd64.zip -O consul.zip
RUN unzip consul.zip -d /app/bin
RUN rm consul.zip
EXPOSE 8400 8500 8600
CMD [ “/app/bin/consul”, “agent”, “-server”, “-bootstrap-expect”, “1”, “-data-dir”, “/app/tmp”, “-log-level”, “debug” ]

…Then I build the image and run it:

docker build -t $IMAGE_NAME .
docker run -d --name $CONTAINER_NAME $IMAGE_NAME:$TAG

…But I can’t access the container ports, If I scan the container ports from the host I get only one port open:

$ nmap
Starting Nmap 6.47 at 2016-01-10 20:09 GMT
Nmap scan report for
Host is up (0.0010s latency).
Not shown: 999 closed ports
8300/tcp open tmi
Nmap done: 1 IP address (1 host up) scanned in 11.15 seconds

…while if I run nmap from the container, the ports are there open for me:

$ nmap localhost
Starting Nmap 6.47 at 2016-01-10 20:53 UTC
Nmap scan report for localhost (
Host is up (0.000034s latency).
Other addresses for localhost (not scanned):
Not shown: 996 closed ports
8300/tcp open tmi
8400/tcp open cvd
8500/tcp open fmtp
8600/tcp open asterix
Nmap done: 1 IP address (1 host up) scanned in 1.79 seconds

…does anyone have any ideas of what might be the reason of this?

thank you


You’ll want to use the port publishing feature. Instead of running it as:

docker run -d --name $CONTAINER_NAME $IMAGE_NAME:$TAG

run it like this:

docker run -p 8400:8400 -p 8500:8500 -p 8600:8600 -d --name $CONTAINER_NAME $IMAGE_NAME:$TAG

That will mean that any requests sent to your docker host’s IP address on any of those three ports will get forwarded on to the corresponding port on the container.

Also, what happens if you do the nmap from inside the container, but use the container’s eth0 ip instead of the ip?