
Question

Is it possible to access a port inside Container_A, which uses host networking (--net host), from within Container_B, which uses bridge networking (--network=secure-network), without some external application doing the routing?

I have container A, using host networking (--net host):

ExecStart=/usr/bin/docker run --name=agent-a \
  --detach \
  --net host \
  --pid host \
  -v /run:/run:ro \
  -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
  --mount type=bind,source=/mnt/agent_a.py,target=/agent_a.py \
  local/agent-a:local \
  python3 /agent_a.py

agent_a.py binds to 0.0.0.0 on port 5678 (a web server).

I have container B, using the Docker network --network=secure-network:

ExecStart=/usr/bin/docker run \
  --init \
  --restart always \
  --cap-add SYS_ADMIN \
  --cap-add SYS_PTRACE \
  --ip=192.168.10.10 \
  --network=secure-network \
  --name=agent-b \
  us-docker.pkg.dev/agents/gcr.io/agent-b:local

I need container B to reach container A.

On the host:

  • Test 1: CLI into OS host IP address 10.128.0.70: reachable.
  • Test 2: CLI into OS host IP address 10.128.0.70: reachable via web (curl).
  • Test 3: CLI from agent B to OS IP 10.128.0.70: reachable via ping:
ping 10.128.0.70
PING 10.128.0.70 (10.128.0.70) 56(84) bytes of data.
64 bytes from 10.128.0.70: icmp_seq=1 ttl=64 time=0.051 ms
64 bytes from 10.128.0.70: icmp_seq=2 ttl=64 time=0.064 ms
^C
--- 10.128.0.70 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1014ms
rtt min/avg/max/mdev = 0.051/0.057/0.064/0.006 ms
  • Test 4: CLI from agent B to OS host 10.128.0.70: not reachable via web:
curl -vv http://10.128.0.70:5678/health
*   Trying 10.128.0.70:3454...

Configs

sudo docker network ls
NETWORK ID     NAME            DRIVER    SCOPE
4eab8870c1cc   bridge          bridge    local
a7c6e199d01a   secure-network  bridge    local
32fb6d1f566c   host            host      local
53190c781054   none            null      local
sudo docker network inspect secure-network
[
    {
        "Name": "secure-network",
        "Id": "a7c6e199d01a51daa43a18d04c07a03f0e590cd9ff4ed971d671657cf5e3f32a",
        "Created": "2023-07-02T07:47:36.147584427Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.10.0/24",
                    "Gateway": "192.168.10.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "c44594d803226d41a588c6a23375d60052c9144020bd51ac450e1ece0d7a067d": {
                "Name": "agent-b",
                "EndpointID": "68963552203a1dbc3d718bc4455e050bf4c6172c7b6d638e05fcb3511a490902",
                "MacAddress": "02:42:c0:a8:0a:0a",
                "IPv4Address": "192.168.10.10/24",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

Looks like container A does not know how to route to the 192.168.x.x network.

sudo netstat -anp | grep 5678
tcp        0      0 0.0.0.0:5678            0.0.0.0:*               LISTEN      10207/python3

I have tried binding agent A to 10.128.0.70:5678 and it does not work.

Similar: Docker: Communicate from a "Bridge-Network Container" to a Host-Networking Container

Nuria
    Since you've disabled Docker networking for container A, for network purposes it's indistinguishable from a process running directly on the host. (It looks like just a Python script; why not directly run it without Docker?) That means one of the approaches in [From inside of a Docker container, how do I connect to the localhost of the machine?](https://stackoverflow.com/questions/24319662/from-inside-of-a-docker-container-how-do-i-connect-to-the-localhost-of-the-mach) should work. – David Maze Jul 02 '23 at 10:56
  • I need the container as the host does not have the same dependencies I need to run agent A, such as the Python version and PyPI packages. Our current architecture requires processes to run in containers. I was wondering if this architecture is even possible. Another option I want to check is iptables for DOCKER-USER. – Nuria Jul 02 '23 at 17:04
  • Have you checked `iptables -L -v`? I would check DOCKER-ISOLATION-STAGE-1/2. – gogasca Jul 05 '23 at 06:46
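A diagnostic script for the situation above, added here as an example; it is not from the question or any answer. It assumes the names in the question (bridge network secure-network, bridge-attached container agent-b with curl installed, host address 10.128.0.70, port 5678) and is meant to be run as root on the Docker host with `sh diagnose.sh run`; the two text helpers are pure functions so they can be exercised on captured output.

```shell
#!/bin/sh
# Added diagnostic helper (assumption: names taken from the question).
set -eu

NET="${NET:-secure-network}"
CLIENT="${CLIENT:-agent-b}"
PORT="${PORT:-5678}"
HOST_IP="${HOST_IP:-10.128.0.70}"

# Extract the IPAM gateway from `docker network inspect` JSON text ($1).
gateway_of() {
  printf '%s\n' "$1" | sed -n 's/.*"Gateway": *"\([0-9.]*\)".*/\1/p' | head -n 1
}

# Docker names a user-defined bridge "br-" + first 12 chars of the network id ($1).
bridge_iface() {
  printf 'br-%s\n' "$(printf '%s' "$1" | cut -c1-12)"
}

diagnose() {
  gw=$(gateway_of "$(docker network inspect "$NET")")
  iface=$(bridge_iface "$(docker network inspect -f '{{.Id}}' "$NET")")

  # A --net host container shares the host's network namespace, so its
  # 0.0.0.0:$PORT socket is reachable on every host address, including $gw.
  echo "== host sockets listening on :$PORT"
  ss -ltnp "sport = :$PORT" || true

  # Traffic from a bridge container to a host address arrives on $iface and is
  # delivered locally, so it traverses INPUT (not FORWARD / DOCKER-USER /
  # DOCKER-ISOLATION). Ping succeeding while TCP fails points at port filtering here.
  echo "== INPUT rules that could drop traffic arriving on $iface"
  iptables -S INPUT | grep -E -- "-i $iface|--dport $PORT|DROP|REJECT" \
    || echo "(none matched)"

  # Try both the bridge gateway address and the host's primary address from B.
  for target in "$gw" "$HOST_IP"; do
    echo "== from $CLIENT: http://$target:$PORT/health"
    docker exec "$CLIENT" curl -sS -m 2 -o /dev/null \
      -w 'HTTP %{http_code}\n' "http://$target:$PORT/health" || true
  done
}

# Live checks only when invoked with "run" and docker is present.
if [ "${1:-}" = "run" ] && command -v docker >/dev/null 2>&1; then
  diagnose
fi
```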
