Docker Port Forwarding: A Complete Guide

Docker is a popular container-based framework to develop, package, and deploy applications. Containers are portable, lightweight environments that can run applications reliably across several settings. 

Docker offers a simple yet efficient approach for packaging an app and all of its dependencies into a container image that can be readily deployed on any Docker-compatible platform. 

Port forwarding allows traffic to be sent from one network port to another. This approach is critical in network communication and plays an important role when using Docker.

What is CGNAT?

For most users, getting access to ports behind CGNAT is a common problem. Internet service providers use Carrier-Grade Network Address Translation (CGNAT) as a technique to retain IP addresses. 

As CGNAT restricts inbound connections, accessing devices or services behind it could be challenging.

Port forwarding in Docker

Port forwarding in Docker allows you to expose container ports to the outside world. Docker containers run in isolation by default and are only able to communicate with other containers on the same network. 

For making a container accessible from the outside world, or for mapping a container port to a host port, port forwarding will work.

How can PureVPN help get around CGNAT?

PureVPN’s port forwarding add-on offers you a safe and secure way to unblock ports behind CGNAT, allowing you to remotely access any devices and services. PureVPN assigns you a unique public IP address, making it easy to access ports behind CGNAT and ensuring maximum efficiency and security.

1. Download and install PureVPN on your device.
2. Connect to a port-forwarding-supporting server.
3. Enable port forwarding in the app by going to the port forwarding tab.
4. Specify the port number to be forwarded, along with the IP address of the device to which it has to be forwarded.
5. Click Apply to save the changes

How to Forward Ports in Docker

Step 1: Identify the Container Port

For port forwarding, the first step is determining which container port you wish to expose. This may be accomplished by viewing the Docker container through the following command:

docker inspect <container_name_or_id>

This command will return a full JSON representation of the container setup. Check for the “ExposedPorts” section.

Step 2: Choose a host port

Once the container port has been identified, you must select a host port to which it will be mapped. A host port on the Docker host is a port that receives traffic from the container port. On the Docker host, you can select any accessible port. Port 8080 will be used in this example.

Step 3: Map the ports

The “docker run” command is then used for mapping the container port to the host port. 

Following is the syntax of the command:

docker run -p <host_port>:<container_port> <image_name>

Now the host port 8080 will be mapped to container port 80 for the “nginx” image:

docker run -p 8080:80 nginx

This command will launch a new container with the “nginx” image and map host port 8080 to container port 80.

Step 4: Test the connection

After mapping the ports, you can test the connection in a web browser by going to the Docker host’s IP address and port 8080. If all is in order, you will see the standard Nginx welcome page.

Step 5: Persist the port mapping

Docker containers are ephemeral by default, i.e., modifications made to them aren’t saved after the container is removed or stopped. 

For keeping the port mapping, you can use the “-P” flag rather than the “-p” flag in the “docker run” command. 

The “-P” flag causes all exposed ports to be mapped to random host ports.

docker run -P nginx

You can use the “docker port” command for viewing the port mapping:

docker port <container_name_or_id>

This command displays the host port mapping for all exposed container ports.

Step 6: Use Docker compose

Docker Compose is a tool used for creating and operating multi-container Docker applications. It enables you to declare the port mapping in a YAML file, which makes it easy to maintain and deploy apps. 

To utilize Docker Compose for port forwarding, you can create the ports section in your Docker Compose file:

services:

  web:

    image: nginx

    ports:

      – “8080:80”

In this example, the host port 8080 is mapped to container port 80 for the “web” service.

Basic Syntax

To run a Docker container with port forwarding, use the -p (or --publish) option with docker run. The syntax is:

bashCopy codedocker run -p [host_port]:[container_port] [image_name]

• host_port is the port on your local machine.
• container_port is the port on the Docker container.
• image_name is the name of the Docker image you want to run.

Example

Suppose you have a web application running inside a container on port 80, and you want to access it through port 8080 on your local machine. You would start the container like this:

bashCopy codedocker run -p 8080:80 my-web-app

Now, if you navigate to http://localhost:8080 in your browser, you should see the web application running inside the container.

Multiple Ports

You can also forward multiple ports by using multiple -p options:

bashCopy codedocker run -p 8080:80 -p 8443:443 my-web-app

This command maps port 8080 on the host to port 80 on the container and port 8443 on the host to port 443 on the container.

Docker Compose

If you’re using Docker Compose, you can define port mappings in the docker-compose.yml file:

yamlCopy codeversion: '3'
services:
  web:
    image: my-web-app
    ports:
      - "8080:80"
      - "8443:443"

This setup is similar to the command line option but managed in a YAML configuration file.

Configure Docker Port Forwarding for Client Application

After mapping the ports from the containers to the host, you must update the client application accordingly. The client.ncconf file enables the client application to connect with the NCache servers, so you need to specify the correct ports and IP addresses in this file.

Below is a client.ncconf configuration where the ports are mapped to the previously created NCache servers, ncache-ent-server-01 and ncache-ent-server-02, which are hosted on the public IP address 20.200.20.212:

 <configuration>
    <ncache-server connection-retries="1" retry-connection-delay="0" retry-interval="1" command-retries="3" command-retry-interval="0.1" client-request-timeout="90" connection-timeout="5" port="9800"/>
    <cache id="demoCache" client-cache-id="" client-cache-syncmode="optimistic" skip-client-cache-if-unavailable="True" reconnect-client-cache-interval="10" default-readthru-provider="" default-writethru-provider="" load-balance="True" enable-client-logs="False" log-level="error">
      <server name="172.19.0.11"/>
      <server name="172.19.0.12"/>
    </cache>
    <server-end-point>
      <end-point public-ip="20.200.20.212" public-ports="9801" private-ip="172.19.0.11" private-ports="9800"/>
      <end-point public-ip="20.200.20.212" public-ports="1250-1260" private-ip="172.19.0.11" private-ports="8250-8260"/>
      <end-point public-ip="20.200.20.212" public-ports="1300-1400" private-ip="172.19.0.11" private-ports="8300-8400"/>
      <end-point public-ip="20.200.20.212" public-ports="9802" private-ip="172.19.0.12" private-ports="9800"/>
      <end-point public-ip="20.200.20.212" public-ports="2250-2260" private-ip="172.19.0.12" private-ports="8250-8260"/>
      <end-point public-ip="20.200.20.212" public-ports="2300-2400" private-ip="172.19.0.12" private-ports="8300-8400"/>
    </server-end-point>
  </configuration>

Can you bypass CGNAT and open ports?

Carrier Grade Network Address Translation (CGNAT) is a technology used by ISPs to preserve IP address space. CGNAT assigns a single public IP address to several devices, which may cause issues for users that need to access resources on their network from outside their network.

Still, you may simply overcome CGNAT and open ports on a router by using PureVPN’s port forwarding add-on. Install PureVPN to gain access to its outstanding port forwarding add-on, which can be used to open ports behind CGNAT. 

This enables you to mask IP addresses rapidly, avoid CGNAT-related issues, and port forward routers.

Host a server with a dedicated IP and port forwarding add on

If you are planning to host a game server, have your IP whitelisted, or have your friends connect to your devices at home, you’ll require a dedicated IP with a Port Forwarding add-on. 

A dedicated IP address enables you to set up servers and permit external IP addresses to connect to them without worrying about IP mapping.

How to Port Forward Docker with PureVPN

If you are looking for a hassle-free way to port forward Docker, PureVPN’s Port Forwarding add-on can help. Here’s how to get started:

1. Choose a suitable PureVPN plan and add the Port Forwarding add-on during checkout. Complete your purchase.

2. Download and install the PureVPN app for your device and log into your account with your credentials.

3. Go to the Subscriptions tab in the PureVPN Member Area. There, click the Configure button next to Port Forwarding.

4. Click Enable specific ports and enter the Docker ports you wish to forward. Common Docker ports include 2375 for the daemon and any application-specific ports your container might use.

5. To apply your settings, you will have to connect to any server that supports port forwarding.
6. Enter the VPN’s public IP address and the specific forwarded port in your browser or Docker client (e.g.,192.0.2.1:2375) to access your Docker container remotely.

Docker Port Forwarding Not Working? Try These Fixes 

If you are unable to port forward docker, here are some potential reasons and effective solutions:

• Firewall Restrictions: Sometimes, the host machine’s firewall blocks incoming connections to Docker containers. Modify the firewall settings to allow traffic on the ports used by your Docker containers.

• Incorrect Port Bindings: Misconfigured port bindings in the Docker run command can prevent port forwarding. Verify the port mapping in the Docker run command and make sure it follows the correct format.

• Network Mode Issues: Using the wrong network mode in Docker can affect connectivity. Check the container is not running in ‘host’ or ‘none’ network mode if you need port forwarding. Use ‘bridge’ mode for automatic port forwarding.

• IP Address Conflicts: If the container’s IP conflicts with other network devices, it might lead to issues. Assign a unique IP address to the container or use the default Docker bridge network to avoid conflicts.

• Docker Daemon Not Listening: The Docker daemon might not be set to listen on any interfaces other than localhost. Configure the Docker daemon to listen on the appropriate interface or on all interfaces.

Final Words

Port forwarding is a crucial method for Docker that allows you to expose container ports to the outside world. It enables you to run apps in a separate environment while keeping them accessible. 

By following the steps mentioned in this guide, you can easily forward ports in Docker and enjoy the performance benefits.

Frequently Asked Questions