such that if a program listens on 127.0.0.2:80 inside the container i could still export it

Curious; why make the program explicitly listen on a loopback address if the intent is for it to be accessible outside of the container?

This is a valid use case for network separation. Docker's port mapping doesn't directly support binding to specific container network interfaces, but here are some working solutions:

Solution 1: Use Docker Bridge Network with Fixed IPs

docker network create --subnet=172.20.0.0/16 mynet
docker run -it --network mynet --ip 172.20.0.2 myimage

Then inside the container, you can bind services to 172.20.0.2:80 specifically.

Solution 2: Network Namespaces (Advanced)

You can use ip netns and veth pairs to create more complex networking setups:

ip netns add container_ns
ip link add veth0 type veth peer name veth1
ip link set veth1 netns container_ns
ip netns exec container_ns ip addr add 192.168.1.2/24 dev veth1

Solution 3: Docker Compose with Custom Network

services:
 myservice:
 image: myimage
 networks:
 mynet:
 ipv4_address: 172.20.0.5
networks:
 mynet:
 driver: bridge
 ipam:
 config:
 - subnet: 172.20.0.0/16

Solution 4: Host Networking (if applicable)

For some use cases, use --network host (Linux only), but this sacrifices isolation.

The recommended approach is Solution 1 or 3 with custom Docker bridges where you assign fixed IPs to containers and bind services to those specific IPs internally.