A service published with port “9097:4700” in a swarm is not available for a reverseproxy running in docker. However, from outside the swarm, the service is available.
Problem from inside the swarm (here within the reverseproxy container)
curl -v http://10.139.0.110:9097 * Rebuilt URL to: http://10.139.0.110:9097/ * Trying 10.139.0.110... * connect to 10.139.0.110 port 9097 failed: No route to host * Failed to connect to 10.139.0.110 port 9097: No route to host * Closing connection 0 curl: (7) Failed to connect to 10.139.0.110 port 9097: No route to host
Just changed the port to “9197:4700” and the problem is solved.
Actually, on my docker hosts:
iptables -L | grep 9097 ACCEPT tcp -- anywhere anywhere tcp dpt:9097 ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp spt:9097 netstat -tulpn | grep 9097 tcp6 0 0 :::9097 :::* LISTEN 1969/dockerd
Is this the default? Why is it allowed to publish services on ports used by dockerd ?