Publish port should only bind to either localhost or 0.0.0.0

[Nino-K]

Currently, if a user provides any IP address other than localhost or 0.0.0.0, the Docker proxy fails to bind.

PS C:\Users\Happy> docker run -d -p 172.27.176.1:6604:80 --restart=always nginx
64f570b7b7b2f4c795ef9c4facb62dc336b15bc2012fcf3a0a8e15fbbef8e646
docker: Error response from daemon: driver failed programming external connectivity on endpoint xenodochial_liskov (044b082e31952f657903daee6acf97d266c6e867720f81c9672a4e948ff95a5c): Error starting userland proxy: listen tcp4 172.27.176.1:6604: bind: cannot assign requested address.

However, if a valid IP address from the network namespace is provided, the Docker proxy binds to that address successfully, but the port remains inaccessible. In the case of containerd, the binding always occurs successfully, resulting in a silent failure where the port is not accessible.

docker run -d -p 192.168.127.2:6604:80 nginx

It’s worth noting that nerdctl successfully creates the container and handles port bindings in all the scenarios described above. However, the actual ports will not be accessible, and this is a known issue.

This behavior should be addressed in the guest agent. We should define the HostIP in the guest agent as either localhost or 0.0.0.0. If the user provides localhost, the HostIP will be set to localhost; otherwise, it will default to 0.0.0.0, regardless of the IP address provided.