I'm originally doing some composition with Docker bridge network, and noticed that instead of the whitelisted local IP, the requests are always sent from the gateway IP.

To reproduce it with minimal effort, I used two Python containers to run a HTTP server and client:

docker run -it --rm python:alpine sh

On the server side:

python -m http.server

On the client side:

wget 172.17.0.3:8000

Expected output, is that the request comes from the container IP:

Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...          
172.17.0.2 - - [time] "GET / HTTP/1.1" 200 -

Actual output, which the request comes from the bridge gateway IP:

Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...          
172.17.0.1 - - [time] "GET / HTTP/1.1" 200 -

However, when I ran the same test on my laptop, I get the expected behavior (container IP). The problem only seems to happen on my server.

What can result in such behavior? Is is some sort of sysctl or iptables problem?

I have found the cause, which is an ancient iptables-save entry. It was hard to notice as iptables -nvL doesn't show NAT rules by default.

After removing them from /etc/iptables/rules.v4, everything worked as intended.