You are starting your container with the --net host option which means your container will run on your host network. Check here for more info. So your container will be accessible on the IP of your host.
A very basic example:
$ docker run --net=host -d jenkins
This will run jenkins on your real host network. So when you open the firewall (jenkins runs on 8080) you will access your container immediatly.
So I open the firewall:
$ sudo iptables -I INPUT 5 -p tcp -m tcp --dport 8080 -j ACCEPT
I check the real IP of my eth0 (host network) with ifconfig. (I’m doing this on a VM). It is inet 192.168.140.7. I go in my browser to 192.168.140.7:8080 and I see the jenkins. So your container has no own IP. It’s running on your host network and host IP.
If you leave the --net host option, the container will be created in the default docker bridge network with range "172.17.0.0/16". Now your container will get an IP from in the range of that network. To access the container from the outside you have to map your ports on your host network (see the more info). You can do this with the -p option.
So for the jenkins example:
$ docker run -d -p 8888:8080 jenkins
When I perform a docker inspect I see:
"IPAddress": "172.17.0.4",
So my container is running in the bridge network on 172.17.0.4:8080.
Now with the -p option I’m mapping the port 8080 of my bridge network on 8888 of my host network: so host-IP:8888. Now it’s accessible from the outside.