Continuing the discussion from Container port mapping error:
I am running into this and I have a theory. Could be wrong but it’s what I see happening.
When I start a container with no port mappings, but attach it to a network, the IP address of the gateway for that network listens on any UDP ports that are being listened to inside the container by running services. But not for TCP ports.
So, I have a DNS server running in a container with assigned ip 10.99.0.2 and listening on ports 53/tcp, 53/udp, 5380/tcp.
Netstat on the router host shows:
Nothing listening on ports 53/tcp or 5380/tcp. But I see this for the UDP port:
udp 0 0 10.99.0.1:53 0.0.0.0:*
You see that 10.99.0.1 is bound to port 53/udp. That network interface exists on the host.
Now, when I use the container config to bind to ports, the tcp ports all work. But, 53/udp fails. The container starting up attempts to bind to 0.0.0.0:53/udp, but fails because of a conflict that 10.99.0.1 is already bound there. Hence the failure and error.
I don’t think it’s a privileged port thing. Why would 53/tcp work? Why does 52/udp and 54/udp work?
I’m not sure why the host interface binds to listening udp ports??? Maybe it’s required so that when someone tries to connect to 10.99.0.2:53/udp (which does work), it gets forwarded in that way? But forwarding is not required for tcp so it’s not bound on tcp on the host?
Anyway, I specified my primary host lan interface,
listen-address 10.0.0.1
And it works. Because the binding is no longer conflicting with 10.99.0.1.
Anyway, my 2 cents.
EDIT: IPv6 does not do this. It does not bind the gateway address for the pod network to udp ports listening inside the container. Don’t know why.