I can confirm that --publish (-p) option indeed does not work as expected, with other containers as well. I can only connect to the port from NAS itself, not from other hosts. All necessary iptables rules seem to be there... but are not working.
EDIT:
Actually, not all necessary iptables rules are present. There are no proper entries in FORWARD chain.
I added them with these commands, and my published port is accessible from other hosts:
Code: Select all
/volume0/usr/builtin/sbin/iptables -A FORWARD -i eth0 -o docker0 -j DOCKER
/volume0/usr/builtin/sbin/iptables -A FORWARD -i docker0 -o eth0 -j ACCEPT
Note that this configuration will most probably allow all incoming connections to docker containers, regardless of your firewall / ADM Defender settings.