Docker - This site can’t be reached

I installed a tomcat image and ran a container:

[root@MY_IP ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                     NAMES
e624bb55878f        tomcat:7            "catalina.sh run"   43 minutes ago      Up 43 minutes       0.0.0.0:32768->8080/tcp   pensive_leakey

The logs show me that the tomcat server is running, but when I check via a browser it tells me:

This site can’t be reached : MY_IP:32768

MY_IP refused to connect.
ERR_CONNECTION_REFUSED

So MY_IP:32768 doesn't work. I thought it was a firewall problem so I checked my iptables and added a line:

[root@MY_IP ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:6666 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:32768 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

And when I check with netstat it looks good:

[root@MY_IP ~]# netstat -tulpn
Connexions Internet actives (seulement serveurs)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 127.0.0.1:27017             0.0.0.0:*                   LISTEN      1375/mongod         
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      1240/mysqld         
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN      1101/vsftpd         
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      976/named           
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1087/sshd           
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1335/master         
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      976/named           
tcp        0      0 :::32768                    :::*                        LISTEN      13085/docker-proxy  
tcp        0      0 :::80                       :::*                        LISTEN      1348/httpd          
tcp        0      0 ::1:53                      :::*                        LISTEN      976/named           
tcp        0      0 :::22                       :::*                        LISTEN      1087/sshd           
tcp        0      0 ::1:953                     :::*                        LISTEN      976/named           
udp        0      0 127.0.0.1:53                0.0.0.0:*                               976/named           
udp        0      0 ::1:53                      :::*                                    976/named           

But I still have the same problem of connection refused. I made sure I restarted the service iptables.

What am I doing wrong here? I am running a CentOS release 6.7 (Final). Thanks

Are you sure that tomcat itself is listening on port 8080? Because the docker container is indeed listening on port 32768 and that port is opened in the firewall (in fact entirely open, because the policy is ACCEPT and there is no REJECT or DROP rule), it seems that may be the problem.

You can verify with docker exec -ti pensive_leakey ss -tln

Don’t touch your iptables, these are OK. But your netstat says 32768 only listens on IPv6 and not on IPv4. Are you sure the browser is trying to access it via IPv6?
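
Added example, not part of any post in this thread: a shell helper that classifies how a port is bound in netstat -tln output. On Linux a :: wildcard listener also serves IPv4 unless the socket has IPV6_V6ONLY set, so the :::32768 line is reported as undetermined rather than as IPv6-only. The function names are made up for this example; the sample lines are copied from the netstat output in the question.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Live use: netstat -tln | ipv4_reachable 32768

# Print "<address> <scope>" for every TCP listener on port $1 (netstat text on stdin).
listen_scope() {
    awk -v port="$1" '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, part, ":")
        if (part[n] != port) next
        # The address is everything before the final ":port".
        addr = substr($4, 1, length($4) - length(part[n]) - 1)
        if (addr == "0.0.0.0")                     scope = "ipv4-any"
        else if (addr == "::")                     scope = "ipv6-any"
        else if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
        else if (addr ~ /\./)                      scope = "ipv4-addr"
        else                                       scope = "ipv6-addr"
        print addr, scope
    }'
}

# Can an IPv4 client on another host reach port $1 at the socket layer?
# Firewall rules are a separate question and are not evaluated here.
ipv4_reachable() {
    scopes=$(listen_scope "$1" | awk '{print $2}')
    case " $(echo $scopes) " in
        *" ipv4-any "*|*" ipv4-addr "*) echo yes ;;
        # A "::" socket is dual-stack unless IPV6_V6ONLY is set on it
        # (system default: /proc/sys/net/ipv6/bindv6only).
        *" ipv6-any "*) echo depends-on-v6only ;;
        *" loopback "*|*" ipv6-addr "*) echo no ;;
        *) echo not-listening ;;
    esac
}

# Sample input: lines copied from the netstat output in the question.
sample() {
cat <<'EOF'
tcp        0      0 127.0.0.1:27017             0.0.0.0:*                   LISTEN      1375/mongod
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      1240/mysqld
tcp        0      0 :::32768                    :::*                        LISTEN      13085/docker-proxy
tcp        0      0 ::1:53                      :::*                        LISTEN      976/named
EOF
}

for p in 32768 3306 27017 8080; do
    printf '%s: %s\n' "$p" "$(sample | ipv4_reachable "$p")"
done
```

The same output also shows mysqld on 0.0.0.0:3306 and vsftpd on 0.0.0.0:21, which the helper reports as reachable from other hosts, while mongod on 127.0.0.1:27017 is not.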

Why only state NEW tcp dpt:32768? After the connection is established and somebody starts sending data, the firewall rejects it.

Hi, I changed the entry to be exactly like the others: ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:32768
I restarted the service and I still have the same issue.