无法访问Docker容器中的端口

Question

我已经发布了四个从容器到主机的端口，但是其中只有三个（8080、33099、37017）可以访问。这是docker容器的外观：

CONTAINER ID        IMAGE                COMMAND             CREATED             STATUS              PORTS                                                                                    NAMES
cdbc07f875ea        test:latest   "bash"              35 minutes ago      Up 35 minutes       0.0.0.0:8080->8080/tcp, 0.0.0.0:33098-33099->33098-33099/tcp, 0.0.0.0:37017->37017/tcp   test1

docker主机上的iptables：

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere            !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.17.0.0/16        anywhere
MASQUERADE  tcp  --  172.17.0.2           172.17.0.2           tcp dpt:37017
MASQUERADE  tcp  --  172.17.0.2           172.17.0.2           tcp dpt:33099
MASQUERADE  tcp  --  172.17.0.2           172.17.0.2           tcp dpt:33098
MASQUERADE  tcp  --  172.17.0.2           172.17.0.2           tcp dpt:http-alt

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
DNAT       tcp  --  anywhere             anywhere             tcp dpt:37017 to:172.17.0.2:37017
DNAT       tcp  --  anywhere             anywhere             tcp dpt:33099 to:172.17.0.2:33099
DNAT       tcp  --  anywhere             anywhere             tcp dpt:33098 to:172.17.0.2:33098
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http-alt to:172.17.0.2:8080

任何想法，为什么33098端口无法访问？