Accessing managed network from external

I’m confused. My load balancer and DNS require services to be on the managed 10.42.x.x/16 network. How do I access this network (i.e. port forward/NAT)?

I’m using the following:

docker-compose.yml:
version: '2'
volumes:
  itrdevpsql:
    external: true
    driver: rancher-nfs
  itrdevcdn:
    external: true
    driver: rancher-nfs
services:
  itrdevpsql:
    image: postgres
    environment:
      POSTGRES_PASSWORD: XXXXXXXXXXXXXXXXXXXXXXXX
      POSTGRES_USER: devuser
      PGDATA: /var/lib/postgresql/data
      POSTGRES_DB: itrdevdb
    stdin_open: true
    volumes:
    - itrdevpsql:/var/lib/postgresql/data
    domainname: dev.project
    tty: true
    labels:
      io.rancher.container.pull_image: always
  itrdevcdn:
    image: nginx
    environment:
      NGINX_HOST: m.dev.project
      NGINX_PORT: '80'
    stdin_open: true
    volumes:
    - itrdevcdn:/usr/share/nginx/html
    domainname: dev.project
    tty: true
    labels:
      io.rancher.container.pull_image: always
  lbitrdev:
    image: rancher/lb-service-haproxy:v0.7.15
    ports:
    - 0.0.0.0:5432:5432/tcp
    - 0.0.0.0:8000:8000/tcp
    labels:
      io.rancher.container.agent.role: environmentAdmin,agent
      io.rancher.container.agent_service.drain_provider: 'true'
      io.rancher.container.create_agent: 'true'


rancher-compose.yml:
version: '2'
services:
  itrdevpsql:
    scale: 1
    start_on_create: true
  itrdevcdn:
    scale: 1
    start_on_create: true
  lbitrdev:
    scale: 1
    start_on_create: true
    lb_config:
      certs: []
      port_rules:
      - backend_name: ''
        priority: 3
        protocol: tcp
        service: itrdevpsql
        source_port: 5432
        target_port: 5432
      - priority: 4
        protocol: tcp
        service: itrdevcdn
        source_port: 8000
        target_port: 8000
    health_check:
      healthy_threshold: 2
      response_timeout: 2000
      port: 42
      unhealthy_threshold: 3
      initializing_timeout: 60000
      interval: 2000
      reinitializing_timeout: 60000

To clarify:
I created a load balancer. 2 machines (one nginx, one psql).
I also added a host ip: 192.168.1.5 and port 8000.

From the console of rancher os:
root@rancher-server:~# curl 192.168.1.5:8000
<h4>hello world</h4>

However, from my Windows 10 workstation (with an IP of 192.168.1.97), it gets a:
This site can’t be reached.
ERR_CONNECTION_REFUSED

… in the browser.

Also, I looked and the reason it appears I can’t connect is due to a firewall rule on the rancher server:
root@rancher-server:~# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination
CATTLE_NETWORK_POLICY all -- 10.42.0.0/16 10.42.0.0/16
CATTLE_FORWARD all -- 0.0.0.0/0 0.0.0.0/0
DOCKER-ISOLATION all -- 0.0.0.0/0 0.0.0.0/0
DOCKER all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain CATTLE_FORWARD (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 mark match 0x1068
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 mark match 0x4000
ACCEPT all -- 0.0.0.0/0 10.42.0.0/16

Chain CATTLE_NETWORK_POLICY (1 references)
target prot opt source destination

Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 172.17.0.3 tcp dpt:27017
ACCEPT tcp -- 0.0.0.0/0 172.17.0.2 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 172.17.0.4 tcp dpt:8080

Chain DOCKER-ISOLATION (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Am I going about this wrong?
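
An added example, not part of the original post: a small evaluator that walks the FORWARD chain of an `iptables -nL` listing for one new TCP connection and returns the first terminal verdict together with the chains walked, to check whether the filter rules as listed would stop traffic bound for the managed 10.42.0.0/16 network. The function names are hypothetical, the container address 10.42.0.10 is a constructed placeholder, and mark and ctstate matches are assumed not to apply to a new, unmarked connection.

```python
import ipaddress
# Filter-table rules taken from the post's `iptables -nL` listing, trimmed.
LISTING = """\
Chain FORWARD (policy ACCEPT)
target prot opt source destination
CATTLE_NETWORK_POLICY all -- 10.42.0.0/16 10.42.0.0/16
CATTLE_FORWARD all -- 0.0.0.0/0 0.0.0.0/0
DOCKER all -- 0.0.0.0/0 0.0.0.0/0
Chain CATTLE_FORWARD (1 references)
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 mark match 0x1068
ACCEPT all -- 0.0.0.0/0 10.42.0.0/16
Chain DOCKER (1 references)
ACCEPT tcp -- 0.0.0.0/0 172.17.0.2 tcp dpt:80
"""

def parse(listing):
    chains, cur = {}, None
    for line in listing.splitlines():
        f = line.split()
        if not f or f[0] == "target":   # blank line or column header
            continue
        if f[0] == "Chain":             # user chains fall back to the caller
            policy = f[3].rstrip(")") if f[2] == "(policy" else "RETURN"
            cur = chains.setdefault(f[1], {"policy": policy, "rules": []})
        else:                           # (target, proto, src, dst, extra matches)
            cur["rules"].append((f[0], f[1], f[3], f[4], f[5:]))
    return chains

def matches(rule, src, dst, dport):
    _, proto, rsrc, rdst, extra = rule
    hit = lambda ip, net: ipaddress.ip_address(ip) in ipaddress.ip_network(net)
    if proto not in ("all", "tcp") or not hit(src, rsrc) or not hit(dst, rdst):
        return False
    # Assumption: mark/ctstate matches do not apply to a new, unmarked connection.
    return not extra or extra == ["tcp", f"dpt:{dport}"]

def verdict(chains, chain, src, dst, dport, path=()):  # -> (verdict, chains walked)
    path += (chain,)
    for rule in chains[chain]["rules"]:
        if not matches(rule, src, dst, dport):
            continue
        result = (rule[0], path)
        if rule[0] in chains:           # jump into a user-defined chain
            result = verdict(chains, rule[0], src, dst, dport, path)
        if result[0] in ("ACCEPT", "DROP", "REJECT"):
            return result
    return chains[chain]["policy"], path

if __name__ == "__main__":  # 10.42.0.10 is a constructed container address
    print(verdict(parse(LISTING), "FORWARD", "192.168.1.97", "10.42.0.10", 8000))
```

`iptables -nL` lists only the filter table; the port-forwarding (DNAT) rules live in the nat table, which `iptables -t nat -nL` shows.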