Docker and netstat: why is netstat not showing ports, exposed by docker containers

Time:11-29

Related to the question "Docker and netstat: netstat is not showing ports, exposed by docker containers", where only solutions are discussed, I would like to know why this happens.

What happens:

If I serve a service using docker (e.g. docker run --rm -p 8080:80 httpd), executing netstat -anp | grep 8080 on the host shows docker listening on 8080, but it does not show open connections! I would expect to see connections on the host as well, because clients are connected to the host, which forwards the port to the docker container.

Why is it not possible to see these connections?

CodePudding user response:

netstat -a shows open socket connections. But the client is not connected to the host socket, because docker routes the packets before connection to the container by applying masquerading rules. This can be seen with iptables -L -n -t nat.

So the only way to see these connections with netstat is by executing it in the container, for example by running docker exec CONTAINER netstat -anp.
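
The rewriting described in the answer is recorded by the kernel's connection tracking, so forwarded flows can be audited on the host even though they never appear in its socket table. The script below is an added example, not part of the original answer: it assumes input in the format printed by `conntrack -L` (from conntrack-tools, a tool the post does not mention), and the sample lines and addresses are constructed.

```shell
#!/bin/sh
# Added example: pick out flows whose destination was rewritten (DNAT).

# Constructed sample in the format printed by `conntrack -L`:
# 1) client -> published port 8080, rewritten to a container on 172.17.0.2:80
# 2) client -> sshd on the host itself (no rewrite)
# 3) container -> outside, source-masqueraded only (no destination rewrite)
sample_conntrack() {
cat <<'EOF'
tcp      6 431990 ESTABLISHED src=203.0.113.7 dst=192.0.2.10 sport=51234 dport=8080 src=172.17.0.2 dst=203.0.113.7 sport=80 dport=51234 [ASSURED] mark=0 use=1
tcp      6 431800 ESTABLISHED src=203.0.113.7 dst=192.0.2.10 sport=40000 dport=22 src=192.0.2.10 dst=203.0.113.7 sport=22 dport=40000 [ASSURED] mark=0 use=1
tcp      6 110 TIME_WAIT src=172.17.0.2 dst=198.51.100.5 sport=33000 dport=443 src=198.51.100.5 dst=192.0.2.10 sport=443 dport=33000 [ASSURED] mark=0 use=1
EOF
}

# Each entry carries two tuples: the original direction (as the client sent
# it) and the reply direction (as the real endpoint answers). If the original
# destination differs from the reply source, the destination was rewritten,
# so the connection terminates in another network namespace.
dnat_flows() {
    awk '
    {
        ns = nd = np = nq = 0; state = "-"
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if      (kv[1] == "src")   src[++ns] = kv[2]
            else if (kv[1] == "dst")   dst[++nd] = kv[2]
            else if (kv[1] == "sport") sport[++np] = kv[2]
            else if (kv[1] == "dport") dport[++nq] = kv[2]
            else if ($i ~ /^[A-Z_]+$/) state = $i   # TCP state, if present
        }
        # Skip entries without two complete tuples (e.g. ICMP has no ports).
        if (ns < 2 || nd < 2 || np < 2 || nq < 2) next
        if (dst[1] != src[2] || dport[1] != sport[2])
            printf "%s:%s -> %s:%s => %s:%s %s\n",
                   src[1], sport[1], dst[1], dport[1], src[2], sport[2], state
    }'
}

# Prints: client -> address the client dialed => endpoint that really answers
sample_conntrack | dnat_flows
```

On a live host the same function can be fed from `conntrack -L` run as root.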
