I have an instance with Docker. One Docker container listens on port 9017, but it is not available via the public IP. I disabled ufw and cleared iptables. The instance also has no DO firewall.
root@docker-1gb-fra1-01:/home# ufw disable
Firewall stopped and disabled on system startup
root@docker-1gb-fra1-01:/home# ufw status
Status: inactive
root@docker-1gb-fra1-01:/home# iptables -P INPUT ACCEPT
root@docker-1gb-fra1-01:/home# iptables -P FORWARD ACCEPT
(See iptables rules below)
nmap shows the following:
root@docker-1gb-fra1-01:/home# nmap -p 9000-10000 localhost
Starting Nmap 7.01 ( https://nmap.org ) at 2017-11-25 12:44 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000023s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
9017/tcp open unknown
9403/tcp open unknown
9404/tcp open unknown
9451/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 1.69 seconds
root@docker-1gb-fra1-01:/home# nmap -p 9000-10000 139.59.213.99
Starting Nmap 7.01 ( https://nmap.org ) at 2017-11-25 12:44 UTC
Nmap scan report for 139.59.213.99
Host is up (0.000051s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
9017/tcp filtered unknown
9403/tcp filtered unknown
9404/tcp filtered unknown
9451/tcp filtered unknown
Why are the mentioned ports filtered?
iptables:
root@docker-1gb-fra1-01:/home# iptables --line-numbers -vL
Chain INPUT (policy ACCEPT 20 packets, 1434 bytes)
num pkts bytes target prot opt in out source destination
1 8169 377K ufw-before-logging-input all -- any any anywhere anywhere
2 8169 377K ufw-before-input all -- any any anywhere anywhere
3 108 7104 ufw-after-input all -- any any anywhere anywhere
4 105 6948 ufw-after-logging-input all -- any any anywhere anywhere
5 105 6948 ufw-reject-input all -- any any anywhere anywhere
6 105 6948 ufw-track-input all -- any any anywhere anywhere
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 DOCKER-USER all -- any any anywhere anywhere
2 0 0 DOCKER-ISOLATION all -- any any anywhere anywhere
3 0 0 ACCEPT all -- any br-94f58cc57a91 anywhere anywhere ctstate RELATED,ESTABLISHED
4 0 0 DOCKER all -- any br-94f58cc57a91 anywhere anywhere
5 0 0 ACCEPT all -- br-94f58cc57a91 !br-94f58cc57a91 anywhere anywhere
6 0 0 ACCEPT all -- br-94f58cc57a91 br-94f58cc57a91 anywhere anywhere
7 0 0 ACCEPT all -- any docker0 anywhere anywhere ctstate RELATED,ESTABLISHED
8 0 0 DOCKER all -- any docker0 anywhere anywhere
9 0 0 ACCEPT all -- docker0 !docker0 anywhere anywhere
10 0 0 ACCEPT all -- docker0 docker0 anywhere anywhere
11 0 0 ufw-before-logging-forward all -- any any anywhere anywhere
12 0 0 ufw-before-forward all -- any any anywhere anywhere
13 0 0 ufw-after-forward all -- any any anywhere anywhere
14 0 0 ufw-after-logging-forward all -- any any anywhere anywhere
15 0 0 ufw-reject-forward all -- any any anywhere anywhere
16 0 0 ufw-track-forward all -- any any anywhere anywhere
Chain OUTPUT (policy ACCEPT 12 packets, 1686 bytes)
num pkts bytes target prot opt in out source destination
1 8036 447K ufw-before-logging-output all -- any any anywhere anywhere
2 8036 447K ufw-before-output all -- any any anywhere anywhere
3 1075 52820 ufw-after-output all -- any any anywhere anywhere
4 1075 52820 ufw-after-logging-output all -- any any anywhere anywhere
5 1075 52820 ufw-reject-output all -- any any anywhere anywhere
6 1075 52820 ufw-track-output all -- any any anywhere anywhere
Chain DOCKER (2 references)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT tcp -- !br-94f58cc57a91 br-94f58cc57a91 anywhere 172.18.0.6 tcp dpt:9451
2 0 0 ACCEPT tcp -- !br-94f58cc57a91 br-94f58cc57a91 anywhere 172.18.0.6 tcp dpt:9404
3 0 0 ACCEPT tcp -- !br-94f58cc57a91 br-94f58cc57a91 anywhere 172.18.0.6 tcp dpt:9403
4 0 0 ACCEPT tcp -- !br-94f58cc57a91 br-94f58cc57a91 anywhere 172.18.0.2 tcp dpt:9017
Chain DOCKER-ISOLATION (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 DROP all -- docker0 br-94f58cc57a91 anywhere anywhere
2 0 0 DROP all -- br-94f58cc57a91 docker0 anywhere anywhere
3 0 0 RETURN all -- any any anywhere anywhere
Chain DOCKER-USER (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 RETURN all -- any any anywhere anywhere
Chain ufw-after-forward (1 references)
num pkts bytes target prot opt in out source destination
Chain ufw-after-input (1 references)
num pkts bytes target prot opt in out source destination
Chain ufw-after-logging-forward (1 references)
num pkts bytes target prot opt in out source destination
Chain ufw-after-logging-input (1 references)
num pkts bytes target prot opt in out source destination
Chain ufw-after-logging-output (1 references)
num pkts bytes target prot opt in out source destination
Chain ufw-after-output (1 references)
num pkts bytes target prot opt in out source destination
Chain ufw-before-forward (1 references)
num pkts bytes target prot opt in out source destination
Chain ufw-before-input (1 references)
num pkts bytes target prot opt in out source destination
Chain ufw-before-logging-forward (1 references)
num pkts bytes target prot opt in out source destination
Chain ufw-before-logging-input (1 references)
num pkts bytes target prot opt in out source destination
Chain ufw-before-logging-output (1 references)
num pkts bytes target prot opt in out source destination
Chain ufw-before-output (1 references)
num pkts bytes target prot opt in out source destination
Chain ufw-reject-forward (1 references)
num pkts bytes target prot opt in out source destination
Chain ufw-reject-input (1 references)
num pkts bytes target prot opt in out source destination
Chain ufw-reject-output (1 references)
num pkts bytes target prot opt in out source destination
Chain ufw-track-forward (1 references)
num pkts bytes target prot opt in out source destination
Chain ufw-track-input (1 references)
num pkts bytes target prot opt in out source destination
Chain ufw-track-output (1 references)
num pkts bytes target prot opt in out source destination
Found the reason: a bad port forwarding configuration in the local network. So actually the port was inaccessible only from my local network.
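One way to read the packet counters in the listing from the question, as an added example that is not part of the original thread: it finds the rules for a published port and reports whether any packet has ever matched them. The function names are hypothetical, and `SAMPLE` is an abridged excerpt assembled from the question's output.

```python
import re

# Constructed sample: rule lines copied from the `iptables --line-numbers -vL`
# listing in the question (INPUT and DOCKER chains, abridged).
SAMPLE = """\
Chain INPUT (policy ACCEPT 20 packets, 1434 bytes)
num pkts bytes target prot opt in out source destination
1 8169 377K ufw-before-logging-input all -- any any anywhere anywhere
Chain DOCKER (2 references)
num pkts bytes target prot opt in out source destination
3 0 0 ACCEPT tcp -- !br-94f58cc57a91 br-94f58cc57a91 anywhere 172.18.0.6 tcp dpt:9403
4 0 0 ACCEPT tcp -- !br-94f58cc57a91 br-94f58cc57a91 anywhere 172.18.0.2 tcp dpt:9017
"""

SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}

def to_count(field):
    """Expand an abbreviated counter such as '377K' to an approximate integer."""
    if field[-1] in SUFFIX:
        return int(field[:-1]) * SUFFIX[field[-1]]
    return int(field)

def parse_rules(listing):
    """Yield one dict per rule line; chain headers set the current chain."""
    chain = None
    for line in listing.splitlines():
        f = line.split()
        if f and f[0] == "Chain":
            chain = f[1]
        elif len(f) >= 10 and f[0].isdigit():  # column header rows start with "num"
            yield {"chain": chain, "pkts": to_count(f[1]), "target": f[3],
                   "dest": f[9], "match": " ".join(f[10:])}

def port_hits(listing, port):
    """Return (chain, target, destination, pkts) for rules matching dpt:<port>."""
    pat = re.compile(r"\bdpt:%d\b" % port)
    return [(r["chain"], r["target"], r["dest"], r["pkts"])
            for r in parse_rules(listing) if pat.search(r["match"])]

def diagnose(listing, port):
    """Classify a port from its rule counters alone."""
    hits = port_hits(listing, port)
    if not hits:
        return "no rule: port is not published by Docker"
    if all(pkts == 0 for *_, pkts in hits):
        return "rule present, 0 packets: nothing from outside reached this rule"
    return "rule present and matched: traffic reaches the container rule"

if __name__ == "__main__":
    for p in (9017, 8080):
        print(p, diagnose(SAMPLE, p))
```

Locally generated packets do not traverse the FORWARD chain, so a scan run on the host itself never increments these counters; only traffic arriving from other machines does. Counters restart from zero when rules are flushed or recreated, and listing with `-n` keeps ports numeric so the `dpt:` match is reliable.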
Show the output of netstat -ltp and the output of docker/docker-compose ps.