
I have the Xdebug PHP extension installed in a Docker container that runs the PHP-FPM of my development and testing environment.

A debugging client (the one built into PhpStorm) listens on port 9000 on my local Windows machine.

When I install an SSH server inside my PHP-FPM container and use PuTTY to create a reverse SSH tunnel that points from a local port inside the PHP-FPM container to port 9000 on my Windows machine, Xdebug connects just fine to PhpStorm.

But for obvious reasons I don't want an SSH server to run inside my PHP-FPM container. But I am unable to access the port on my host when I create the reverse SSH tunnel pointing from the host (and not inside a container) to my Windows machine.

To test this I installed telnet inside the container. When I run telnet outside a container it is possible to connect to the port, but from within the PHP-FPM container the port is unavailable no matter if I try to connect to 127.0.0.1 or 172.17.0.1 (the Docker IP of my host).

I learned that this makes sense, since it is not possible to access the loopback device from within a container if it is run in bridge mode. When I run the container with "--net=host" it is possible to connect via 127.0.0.1 but for security reasons I need my containers to run in bridge mode.

This answer suggests setting "GatewayPorts yes" in my OpenSSH settings, but I don't want to open up my reverse ports to the public. How can I access the port (and only this port - not the whole loopback device) of the reverse SSH tunnel on the loopback device of the host from within the Docker container?

0 Answers
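The bind address of the tunnel's listener on the host decides who can reach it, which is what the telnet results in the question reflect. The following check is an added example, not part of the original post: it reads `ss -ltn` output from the host and classifies the listener on port 9000. The sample lines are constructed, `172.17.0.1` is the bridge address quoted in the question, and the function names are hypothetical.

```python
import ipaddress

BRIDGE_GW = "172.17.0.1"  # docker0 address quoted in the question

# Constructed `ss -ltn` samples, one per situation discussed in the question.
SS_DEFAULT = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 128 [::1]:9000 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*"""       # sshd default: loopback only
SS_GATEWAY_YES = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:9000 0.0.0.0:*
LISTEN 0 128 [::]:9000 [::]:*"""            # "GatewayPorts yes": every interface
SS_BRIDGE_ONLY = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 172.17.0.1:9000 0.0.0.0:*"""   # forward bound to docker0 only
                                            # (e.g. sshd "GatewayPorts clientspecified")

def local_binds(ss_output, port):
    """Return the local addresses that hold a TCP listener on `port`."""
    binds = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        addr, _, p = fields[3].rpartition(":")
        if p == str(port):
            binds.append(addr.strip("[]"))  # drop IPv6 brackets
    return binds

def classify(addr, bridge_gw=BRIDGE_GW):
    """Label one bind address by its exposure relative to a bridge container."""
    if addr in ("*", "0.0.0.0", "::"):
        return "wildcard"   # container can connect, so can every other network
    ip = ipaddress.ip_address(addr.split("%")[0])  # strip any %iface scope
    if ip.is_loopback:
        return "loopback"   # host only; a bridge container gets connection refused
    if str(ip) == bridge_gw:
        return "bridge"     # listens on the docker0 address only
    return "other"          # some other interface: review before relying on it

def exposure(ss_output, port=9000):
    """Sorted set of exposure labels for every listener on `port`."""
    return sorted({classify(a) for a in local_binds(ss_output, port)})

if __name__ == "__main__":
    for name, sample in [("default", SS_DEFAULT), ("GatewayPorts yes", SS_GATEWAY_YES),
                         ("bridge only", SS_BRIDGE_ONLY)]:
        print(f"{name}: {exposure(sample)}")
```

On a real host, pass the output of `ss -ltn` to `exposure()`; a result other than `['bridge']` means the port is either unreachable from the container or listening more widely than intended.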