Use Case:
Again this is being used for educational purposes. However, as in the diagram you can setup your internal network, your windows firewall to only allow the docker traffic to the necessary ports from the Jenkins server, this would ensure that no other machines, or actors could access and control your docker agent.
Hope this clears it up.
And as stated above you need to run the following command to make that port available:
netsh interface portproxy add v4tov4 listenport=2375 listenaddress=<your_IP> connectaddress=127.0.0.1 connectport=2375