Isn’t the routed networking mode applicable for this in recent versions?
I’ll have to admit that I’ve not tried it, but I skim read it some time ago and looked suitable for routing a public IP to a container. If you want could be container running a service or could be a haproxy forwarding inbound via http(s) or tcp (l4 proxy).
Cheers,
Jon.