When creating a container using the docker run command, the -p or --publish option can be used to declare the ports that will be used between the Docker server and the container, which adds a rule to iptables to allow the port. Optionally, a hostname or IP address can be included.

In this example, a container is created using the foo:latest image, and the Docker server will listen on port 8080 and the container will listen on port 1337.

docker run --publish 8080:1337 foo:latest

Optionally, you can declare the IP address or hostname on the Docker system and container that should be used. In this scenario, you may also want to consider using the --network and --ip options.

docker run --publish 172.17.0.1:8080:172.20.0.1:1337 foo:latest

It is also noteworthy that the port can be exposed when building an image from a Dockerfile. This does NOT add a rule to iptables to allow the port, meaning you will still need to use the -p or --publish option when using the docker run command to create the container from the image.

EXPOSE 1337/tcp

The iptables --list --numeric command should show the port is allowed.

~]# iptables --list --numeric
Chain DOCKER (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            172.17.0.3           tcp dpt:1337

As a practical example, let's say you issue the following command to create a new Sails app named foo-app. Let's break down this command.

• The docker run command is used
• The --rm flag is used to remove the container after the interactive session has ended. 
• The --interactive flag is used to get an interactive TTY into the container.
• The --name option is used to name our app foo-app
• The --publish option is used so that the Docker server will listen on port 8080 and the Sails container will listen on port 1337
• The sails:latest sails:latest image is used
• The /bin/bash option is used to use the bash shell in the container

docker run --rm --interactive --name foo-app --publish 8080:1337 sails:latest /bin/bash

If the app is successfully started, something like this should be returned. Notice the Sails service in the container is using port 1337.

 info: Starting app...

 info: Initializing project hook... (`api/hooks/custom/`)
 info: Initializing `apianalytics` hook...  (requests to monitored routes will be logged!)
 info: ·• Auto-migrating...  (alter)
 info:    Hold tight, this could take a moment.
 info:  ✓ Auto-migration complete.

debug: Running v0 bootstrap script...  (looks like this is the first time the bootstrap has run on this computer)
 info:
 info:                .-..-.
 info:
 info:    Sails              <|    .-..-.
 info:    v1.4.3              |\
 info:                       /|.\
 info:                      / || \
 info:                    ,'  |'  \
 info:                 .-'.-==|/_--'
 info:                 `--'-------'
 info:    __---___--___---___--___---___--___
 info:  ____---___--___---___--___---___--___-__
 info:
 info: Server lifted in `/opt/foo-app`
 info: To shut down Sails, press <CTRL> + C at any time.
 info: Read more at https://sailsjs.com/support.

debug: -------------------------------------------------------
debug: :: Wed Jul 21 2021 23:02:10 GMT-0500 (Central Daylight Time)

debug: Environment : development
debug: Port        : 1337
debug: -------------------------------------------------------

Since the Docker server is listening on port 8080, you will navigate to http://<Docker server ip address or hostname>:8080 and the following should be displayed.