juli3nk / csf-post-docker

CSF with support for Docker

Can't run docker containers only local #17

Open mhellmeier opened 4 years ago

mhellmeier commented 4 years ago

I want to access docker containers only locally behind the csf firewall on a remote Ubuntu server. To test this, I log in to the remote server with ssh admin@mydomain.com -L 8000:127.0.0.1:8000.

If I start my container with -p 8000:8000, port 8000 is exposed to the whole world (I can access it in a browser with mydomain.com:8000, as expected, but not what I wanted). If I start the container with -p 127.0.0.1:8000:8000, I can't access it over mydomain.com:8000 (which is great), but in both cases calling localhost:8000 will result in an ERR_EMPTY_RESPONSE error in Chrome or curl: (52) Empty reply from server in the terminal from my local machine. Executing curl localhost:8000 directly on the server will result in curl: (56) Recv failure: Connection reset by peer. This means that the server's host system can't connect to the docker container when using 127.0.0.1.

Tried it with different containers and different ports. After disabling csf, it works without the errors so it must be related to a csf docker configuration problem.

mhellmeier commented 4 years ago

@juli3nk: Is there any plan or workaround to get rid of this problem?