I’m trying to bind two ports from a docker container to a currently unused IP address on one of the host machine’s interfaces.
I’m attempting to start the container (which is based on the centos/systemd image) like this:
sudo docker run --privileged -d -p 172.19.5.1:22:22 -p 172.19.5.1:5432:5432 --name test --hostname test -v /sys/fs/cgroup:/sys/fs/cgroup:ro --net cdnet image_name
and it fails with the message: Error starting userland proxy: listen tcp 172.19.5.1:22: bind: address already in use.
You can see from the settings of the network that this address should be totally valid:
[
  {
    "Name": "cdnet",
    "Id": "c7f58c7f7765b7ee85ffd7638d98c1f73d0abf2393635d26d9634ac94e1c05e9",
    "Created": "2018-04-27T20:40:44.542040471Z",
    "Scope": "local",
    "Driver": "bridge",
    "EnableIPv6": false,
    "IPAM": {
      "Driver": "default",
      "Options": {},
      "Config": [
        {
          "Subnet": "172.19.0.0/16",
          "Gateway": "172.19.0.1"
        }
      ]
    },
    "Internal": false,
    "Attachable": false,
    "Ingress": false,
    "Containers": {},
    "Options": {},
    "Labels": {}
  }
]
and for good measure, I created the IP on my machine’s main network interface:
6: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 9000 qdisc noqueue state UP qlen 1000
    link/ether 0c:c4:7a:8e:f4:f2 brd ff:ff:ff:ff:ff:ff
    inet 69.241.118.34/30 brd 69.241.118.35 scope global bond0
       valid_lft forever preferred_lft forever
    inet 69.241.118.0/30 scope global bond0
       valid_lft forever preferred_lft forever
    inet 69.241.118.4/30 scope global bond0
       valid_lft forever preferred_lft forever
    inet 172.19.5.1/25 scope global bond0
       valid_lft forever preferred_lft forever
    inet 69.241.118.1/30 scope global secondary bond0
       valid_lft forever preferred_lft forever
    inet 69.241.118.2/30 scope global secondary bond0
       valid_lft forever preferred_lft forever
    inet 69.241.118.3/30 scope global secondary bond0
       valid_lft forever preferred_lft forever
    inet6 2001:558:fee8:17a:ec4:7aff:fe8e:f4f2/64 scope global deprecated mngtmpaddr dynamic
       valid_lft 1974996sec preferred_lft 0sec
    inet6 2001:558:fee8:17a::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::ec4:7aff:fe8e:f4f2/64 scope link
       valid_lft forever preferred_lft forever
I have no other containers running (sudo docker ps -aq returns nothing) and I know for sure that no other process is using that address – here’s my output for sudo netstat -anlp (without the Unix domain socket section):
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:199           0.0.0.0:*               LISTEN      1406/snmpd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1763/dnsmasq
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1397/sshd
tcp        0      0 0.0.0.0:1691            0.0.0.0:*               LISTEN      31215/perl
tcp        0      0 0.0.0.0:5662            0.0.0.0:*               LISTEN      31215/perl
tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd
tcp6       0      0 :::22                   :::*                    LISTEN      1397/sshd
tcp6       0    920 <IP REDACTED>:22        <IP REDACTED>           ESTABLISHED 22357/sshd: <USERNAME REDACTED>
tcp6       0      0 <IP REDACTED>:22        <IP REDACTED>           ESTABLISHED 22099/sshd: <USERNAME REDACTED>
udp        0      0 0.0.0.0:53763           0.0.0.0:*                           1406/snmpd
udp        0      0 0.0.0.0:57647           0.0.0.0:*                           1406/snmpd
udp        0      0 192.168.122.1:53        0.0.0.0:*                           1763/dnsmasq
udp        0      0 0.0.0.0:67              0.0.0.0:*                           1763/dnsmasq
udp        0      0 0.0.0.0:111             0.0.0.0:*                           17684/rpcbind
udp        0      0 0.0.0.0:161             0.0.0.0:*                           1406/snmpd
udp        0      0 0.0.0.0:162             0.0.0.0:*                           2589/snmptrapd
udp        0      0 0.0.0.0:892             0.0.0.0:*                           17684/rpcbind
udp        0      0 0.0.0.0:35179           0.0.0.0:*                           1406/snmpd
udp6       0      0 :::111                  :::*                                17684/rpcbind
udp6       0      0 :::892                  :::*                                17684/rpcbind
(Neither redacted IP is, needless to say, the one to which I’m trying to bind; they are the real external IPv6 addresses of myself and the machine.)
All of the results for publishing ports of a docker container that I can find in my searches are merely trying to bind a port to localhost, and I really cannot figure out why this is breaking. The system is CentOS Linux release 7.4.1708 (Core), Docker version 17.05.0-ce, build 89658be
NOTE: I’ve tried both with and without EXPOSE 22 5432 in the Dockerfile and I’ve tried different IP addresses (which you can see in the ip addr output above).
Answer
0.0.0.0 means “all IPv4 interfaces”, so yes, it’s already in use in this line of your output:
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1397/sshd
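
The check the answer applies by eye can be automated. This is an added example, not part of the original question or answer: it takes the two `-p ip:hostPort:containerPort` specs from the question and the IPv4 TCP LISTEN rows from its netstat output, and reports which listeners block each bind. The function names are hypothetical, and it assumes the three-part publish form and ignores tcp6 and udp rows.

```python
# Constructed sample: the IPv4 TCP LISTEN rows from the netstat output in the question.
NETSTAT_SAMPLE = """\
tcp 0 0 127.0.0.1:199 0.0.0.0:* LISTEN 1406/snmpd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1763/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1397/sshd
tcp 0 0 0.0.0.0:1691 0.0.0.0:* LISTEN 31215/perl
tcp 0 0 0.0.0.0:5662 0.0.0.0:* LISTEN 31215/perl
"""

WILDCARD = "0.0.0.0"  # "all IPv4 interfaces"


def listeners(netstat_text):
    """Yield (host, port, program) for every IPv4 TCP socket in LISTEN state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 7 and fields[0] == "tcp" and fields[5] == "LISTEN":
            host, _, port = fields[3].rpartition(":")
            yield host, int(port), fields[6]


def blockers(netstat_text, ip, port):
    """Listeners that make bind(ip, port) fail with 'address already in use'.

    A listener on the same port blocks the bind if it holds the same address,
    or if either side is the wildcard, which covers every local IPv4 address.
    """
    return [
        (f"{host}:{lport}", prog)
        for host, lport, prog in listeners(netstat_text)
        if lport == port and (host == ip or WILDCARD in (host, ip))
    ]


def check_publish(specs, netstat_text):
    """Map each `-p ip:hostPort:containerPort` spec to the listeners blocking it."""
    result = {}
    for spec in specs:
        ip, host_port, _container_port = spec.split(":")
        result[spec] = blockers(netstat_text, ip, int(host_port))
    return result


if __name__ == "__main__":
    specs = ["172.19.5.1:22:22", "172.19.5.1:5432:5432"]
    for spec, hits in check_publish(specs, NETSTAT_SAMPLE).items():
        print(spec, "blocked by" if hits else "free", hits)
```

Run against a live host by passing the text of `sudo netstat -anlp` in place of the sample.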