rapid-napkin-54569
05/20/2023, 12:53 AMfast-garage-66093
05/20/2023, 1:04 AMdocker run -d --name nginx --restart=always -p 127.0.0.1:8080:80 nginx
80
just on localhost and not any external interfacerapid-napkin-54569
05/20/2023, 1:15 AMfast-garage-66093
05/20/2023, 1:21 AMrapid-napkin-54569
05/20/2023, 1:22 AMfast-garage-66093
05/20/2023, 2:21 AM0.0.0.0
, so there isn't really a way to prevent a user from doing this intentionally. You could configure Rancher Desktop not to bind to it, but the user could undo this, if they really wanted to.127.0.0.1
to 0.0.0.0
themselves, independent of what RD might do.rapid-napkin-54569
05/20/2023, 9:23 PMfast-garage-66093
05/20/2023, 10:38 PM$ docker run -d --name nginx --restart=always -p 127.0.0.1:8080:80 nginx
$ curl -s 127.0.0.1:8080 | grep title
<title>Welcome to nginx!</title>
$ curl -s 192.168.17.20:8081 | grep title
# Next command in a different shell; it needs to remain running
$ socat tcp-listen:8081,reuseaddr,fork tcp:localhost:8080
$ curl -s 192.168.17.20:8081 | grep title
<title>Welcome to nginx!</title>
socat
is not part of macOS, but you can do the same thing with mkfifo
and `nc`; it is just a little more work. But it shows that as an unprivileged user you can easily forward any port from 127.0.0.1
to 0.0.0.0
if you really want to.127.0.0.1
instead of 0.0.0.0
. But that would break docker compatibility. Not sure if it is worth spending effort on.rapid-napkin-54569
05/23/2023, 2:39 AM