As it states in the docs, you should be able to set port forwarding in your app.yaml and then exposing it via Firewall rules.

1.) port forwarding

network:
  forwarded_ports:
    - 2222/tcp

Debugging idea: with AppEngine Flex you can SSH into the instance for further debugging (App Engine > Instances , SSH button next to your instance).

After you logged in, you should be able to run this docker command to see the ports exposed (in my case I exposed 8081 in my app.yaml):

$ sudo docker port gaeapp
8080/tcp -> 172.17.0.1:8080
8081/tcp -> 0.0.0.0:8081

You can even check if it listens or not (in my case it's an HTTP service replying correctly 404):

curl localhost:8081
{"timestamp":1519837414455,"status":404,"error":"Not Found","message":"No message available","path":"/"}

(for telnet you'll need to install it with sudo apt-get update && sudo apt-get install -y telnet)

If this shows your port, then the next step is to double check your firewall settings.

2.) Firewall setup

gcloud compute firewall-rules create myrule --allow=tcp:8595 --source-ranges=0.0.0.0/0

However this will only let you access your app through the VM instance IP directly! (you can find your IP in the console or by listing your instances gcloud compute instances list)

See the description of forwarded_ports in the docs

forwarded_ports Optional. You can forward ports from your instance (HOST_PORT) to the Docker container (CONTAINER_PORT). If you only specify a PORT, then App Engine assumes that it is the same port on the host and the container. By default, both TCP and UDP traffic are forwarded. Traffic must be directly addressed to the target instance rather than over the appspot.com domain or your custom domain.