Docker — how to forward a port from host to container without --net=host?

On the host running the server, let it be on port 1234.
From host localhost:1234 you can easily connect to it.

However, the container does not come out.

And if you include the --net=host, other features of this app in a container (client) stops working. Therefore, we need a more accurate option.

Already install in the Docker iptables
docker exec golos-default /bin/bash -c "apt-get update"
docker exec golos-default /bin/bash -c "apt-get install -y iptables"
Then did this:
docker exec golos-default /bin/bash -c "iptables-t nat -A PREROUTING policy -p tcp --dport 1234-j DNAT --to-destination 172.17.0.2:1234"
What is 172.17.0.2 is the result of ip route show | grep docker0 running on the hostmachine.

The beginning of the story here is How on Ubuntu to do (preferably without tunnels) to the application (client) when trying to connect to ip1:port ip2 is connected to the port?

The truth here is another point
netstat-tlnp
...
tcp 0 0 127.0.0.1:27017
It's on the host.
Is this a problem?
June 5th 19 at 21:16
1 answer
June 5th 19 at 21:18
hang service 172.17.0.1

Find more questions by tags DockerLinux