Docker won’t bind to address; says it’s in use but it isn’t

I’m trying to bind two ports from a docker container to a currently unused IP address on one of the host machine’s interfaces.

I’m attempting to start the container (which is based on the centos/systemd image) like this:

sudo docker run --privileged -d -p 172.19.5.1:22:22 -p 172.19.5.1:5432:5432 --name test --hostname test -v /sys/fs/cgroup:/sys/fs/cgroup:ro --net cdnet image_name

and it fails with the message: Error starting userland proxy: listen tcp 172.19.5.1:22: bind: address already in use.

You can see from the settings of the network that this address should be totally valid:

[
    {
        "Name": "cdnet",
        "Id": "c7f58c7f7765b7ee85ffd7638d98c1f73d0abf2393635d26d9634ac94e1c05e9",
        "Created": "2018-04-27T20:40:44.542040471Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.19.0.0/16",
                    "Gateway": "172.19.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

and for good measure, I created the IP on my machine’s main network interface:

6: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 9000 qdisc noqueue state UP qlen 1000
    link/ether 0c:c4:7a:8e:f4:f2 brd ff:ff:ff:ff:ff:ff
    inet 69.241.118.34/30 brd 69.241.118.35 scope global bond0
       valid_lft forever preferred_lft forever
    inet 69.241.118.0/30 scope global bond0
       valid_lft forever preferred_lft forever
    inet 69.241.118.4/30 scope global bond0
       valid_lft forever preferred_lft forever
    inet 172.19.5.1/25 scope global bond0
       valid_lft forever preferred_lft forever
    inet 69.241.118.1/30 scope global secondary bond0
       valid_lft forever preferred_lft forever
    inet 69.241.118.2/30 scope global secondary bond0
       valid_lft forever preferred_lft forever
    inet 69.241.118.3/30 scope global secondary bond0
       valid_lft forever preferred_lft forever
    inet6 2001:558:fee8:17a:ec4:7aff:fe8e:f4f2/64 scope global deprecated mngtmpaddr dynamic 
       valid_lft 1974996sec preferred_lft 0sec
    inet6 2001:558:fee8:17a::2/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::ec4:7aff:fe8e:f4f2/64 scope link 
       valid_lft forever preferred_lft forever

I have no other containers running (sudo docker ps -aq returns nothing) and I know for sure that no other process is using that address – here’s my output for sudo netstat -anlp (without the Unix domain socket section):

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:199           0.0.0.0:*               LISTEN      1406/snmpd          
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd           
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1763/dnsmasq        
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1397/sshd           
tcp        0      0 0.0.0.0:1691            0.0.0.0:*               LISTEN      31215/perl          
tcp        0      0 0.0.0.0:5662            0.0.0.0:*               LISTEN      31215/perl          
tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd           
tcp6       0      0 :::22                   :::*                    LISTEN      1397/sshd           
tcp6       0    920 <IP REDACTED>:22 <IP REDACTED> ESTABLISHED 22357/sshd: <USERNAME REDACTED> 
tcp6       0      0 <IP REDACTED>:22 <IP REDACTED> ESTABLISHED 22099/sshd: <USERNAME REDACTED> 
udp        0      0 0.0.0.0:53763           0.0.0.0:*                           1406/snmpd          
udp        0      0 0.0.0.0:57647           0.0.0.0:*                           1406/snmpd          
udp        0      0 192.168.122.1:53        0.0.0.0:*                           1763/dnsmasq        
udp        0      0 0.0.0.0:67              0.0.0.0:*                           1763/dnsmasq        
udp        0      0 0.0.0.0:111             0.0.0.0:*                           17684/rpcbind       
udp        0      0 0.0.0.0:161             0.0.0.0:*                           1406/snmpd          
udp        0      0 0.0.0.0:162             0.0.0.0:*                           2589/snmptrapd      
udp        0      0 0.0.0.0:892             0.0.0.0:*                           17684/rpcbind       
udp        0      0 0.0.0.0:35179           0.0.0.0:*                           1406/snmpd          
udp6       0      0 :::111                  :::*                                17684/rpcbind       
udp6       0      0 :::892                  :::*                                17684/rpcbind

(Neither redacted IP is, needless to say, the one to which I’m trying to bind; they are the real external IPv6 addresses of myself and the machine.)

All of the results for publishing ports of a docker container that I can find in my searches are merely trying to bind a port to localhost, and I really cannot figure out why this is breaking. The system is CentOS Linux release 7.4.1708 (Core), Docker version 17.05.0-ce, build 89658be

NOTE: I’ve tried both with and without EXPOSE 22 5432 in the Dockerfile and I’ve tried different IP addresses (which you can see in the ip addr output above).

Answer

0.0.0.0 means “all ipv4 interfaces”, so yes, it’s already in use in this line of your output:

tcp      0    0 0.0.0.0:22      0.0.0.0:*       LISTEN    1397/sshd

Advertisement

Answer