Why can't I reach ng by the interface IP address?

Question

I'm trying to use VirtualBox to set up an Ubuntu Linux VM to emulate the server I'm developing for. The server has three network interfaces.

On the server, there is a web page hosted by ng and an instance of Mosquitto. We want these to be available from one interface, the management interface, but not the other two. We use a VRF to isolate the management interface.

The VirtualBox adapters are configured for:

• Adapter 1 - Host-only Adapter (this is intended to be the management interface). In the VM it is ensp0s3 with address 192.168.56.104.
• Adapter 2 - NAT. In the VM it is enp0s8 with address 10.0.3.15.
• Adapter 3 - NAT. In the VM it is enp0s9 with address 10.0.4.15.

On the host-only network, the host is 192.168.56.103.

In the VM I don't care about the isolation but I am running into a problem where I can't reach the web page from the host computer.

The web page is served by ng serve --host 0.0.0.0 --disable-host-check and configuration puts it on port 4200. I understand that 0.0.0.0 to mean "all addresses".

lsof shows:

$ sudo lsof | grep :4200
ng\x20ser  30802                            root   20u     IPv4             330718      0t0        TCP *:4200 (LISTEN)
ng\x20ser  30802 30803 node                 root   20u     IPv4             330718      0t0        TCP *:4200 (LISTEN)
ng\x20ser  30802 30804 node                 root   20u     IPv4             330718      0t0        TCP *:4200 (LISTEN)
ng\x20ser  30802 30805 node                 root   20u     IPv4             330718      0t0        TCP *:4200 (LISTEN)
ng\x20ser  30802 30806 node                 root   20u     IPv4             330718      0t0        TCP *:4200 (LISTEN)
ng\x20ser  30802 30807 node                 root   20u     IPv4             330718      0t0        TCP *:4200 (LISTEN)
ng\x20ser  30802 30808 node                 root   20u     IPv4             330718      0t0        TCP *:4200 (LISTEN)
ng\x20ser  30802 30916 ng\x20ser            root   20u     IPv4             330718      0t0        TCP *:4200 (LISTEN)
ng\x20ser  30802 30917 ng\x20ser            root   20u     IPv4             330718      0t0        TCP *:4200 (LISTEN)
ng\x20ser  30802 30918 ng\x20ser            root   20u     IPv4             330718      0t0        TCP *:4200 (LISTEN)
ng\x20ser  30802 30919 ng\x20ser            root   20u     IPv4             330718      0t0        TCP *:4200 (LISTEN)

netstat and ss show similar open bindings:

$ sudo netstat -tln | grep :4200
tcp        0      0 0.0.0.0:4200            0.0.0.0:*               LISTEN
$ sudo ss -tln | grep :4200
LISTEN  0        511              0.0.0.0:4200           0.0.0.0:*

But trying to navigate to http://192.168.56.104:4200 in a browser on the host computer gives "connection refused."

I know it's not an issue with network reachability because

1. I can ping the VM from the host
2. I can ssh into the VM from the host
3. If I do watch -n 1 "ifconfig enp0s3" in the VM I see the counters increment a few packets each time I refresh the browser.

In the VM, curl http://0.0.0.0:4200 and curl http://127.0.0.1:4200 both return the page but curl http://192.168.56.104 says:

curl: (7) Failed to connect to 192.168.56.104 port 4200: Connection refused

I don't seem to be blocked on the VM because sudo ufw status says "Status: inactive" and sudo iptables-save says:

# Generated by iptables-save v1.8.4 on Tue Nov 29 14:13:18 2022
*filter
:INPUT ACCEPT [160:15704]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [219:23422]
-A FORWARD -m physdev --physdev-in enp0s8 --physdev-out enp0S9 -j ACCEPT
-A FORWARD -m physdev --physdev-in enp0S9 --physdev-out enp0s8 -j ACCEPT
COMMIT
# Completed on Tue Nov 29 14:13:18 2022

I might think this was some odd ng thing but I see the same failures with a MQTT broker in the VM.

So, when bound to 0.0.0.0, why can't I use the "real" IP address from a browser on the host or with curl on the VM?