Connecting to WSL2 server via local network [closed]
Asked Answered
G

18

156

I'm developing a rails app using WSL2/Ubuntu on my Windows 10 machine, which is great! The problem is I can't connect to my server from another computer in the same network.

For further clarity, I am running a Puma server on localhost:3000

I have tried the following:

  1. Directly connecting to the IP address assigned to Ethernet adapter vEthernet (WSL) -> 172.26.208.1:3000
  2. Directly connecting to the host machine's IPv4 address -> 192.168.0.115
  3. Adding a firewall exception (using Bitdefender)
  4. Binding the IPs above rails s -b 172.26.208.1 -p 3000

None of the above have worked thus far... What I'd like to do is:

  • Test the website on another laptop/tablet/phone
  • Use VScode from another computer

Is there anything I'm missing to at least see the website correctly? (and any comments on the VScode part would be appreciated)

Guiltless answered 2/4, 2020 at 23:14 Comment(2)
None of the below answers worked for me (trying to get a virtualized serf cluster connected TCP and UDP on port 7946). I used the solution here: github.com/microsoft/WSL/issues/4150#issuecomment-1018524753 (also mentioned on the WSLHostPatcher site). Only difference is that I added to dhcp=true to .wslconf as wsl eth0 kept the previous IP (for the previous Hyper-v adapter)Truesdale
In Windows 11 22H2+ and WSL2, this can now be achieved easily without port forwarding with mirrored mode networking. See superuser.com/a/1830244/749911 or learn.microsoft.com/en-us/windows/wsl/…Proto
S
178

See this video, it helped me:

https://www.youtube.com/watch?v=yCK3easuYm4

netsh interface portproxy add v4tov4 listenport=<port-to-listen> listenaddress=0.0.0.0 connectport=<port-to-forward> connectaddress=<forward-to-this-IP-address>

for example

netsh interface portproxy add v4tov4 listenport=3000 listenaddress=0.0.0.0 connectport=3000 connectaddress=172.30.16.3

Microsoft has published a little bit of information about this on their WSL1 to WSL2 comparison page

Staysail answered 7/9, 2020 at 16:38 Comment(10)
Thanks, this works great. For anyone who doesn't want to watch the whole video, this needs to be run in an elevated powershell prompt, not from WSL, the connectaddress should be your WSL IP, and you'll probably need to allow the port through windows firewall. Side note, this is the same thing the script in the top answer is doing, but it's nice to just see the necessary command rather than the whole script.Daegal
Doesn't works for me unfortunately. I'm trying to connect to my local webserver with my iPhone (to test the mobile version of a website). My code is running in a WSL machine and opens a server after npm start on the port 1337. So I typed this netsh interface portproxy add v4tov4 listenport=1337 listenaddress=0.0.0.0 connectport=1337 connectaddress=127.22.240.165. I though I could try on my iPhone: 192.168.1.32:1337 but maybe I misunderstood the procedure.. Any help?Laurenalaurence
Can you reach your sever from local machine? It should be like: 127.22.240.165:1337, if not, that is your problem related to your server app. If yes, try to disable firewall, or maybe your wsl ip address is wrong, double check it. Try bridge mode, cause this method is for temporary uses, because the ip address changes everytime you restart the host.Staysail
Yes I can reach the app from Windows via http://127.22.240.165:1337. I tried to disable the Windows firewall and test again on the phone, but it still doesn't respond. On the other hand, the netsh ... command didn't output anything ; I expected it would awake the Firewall at the first try, but no. Maybe the "portproxy" didn't have any effect. How can I check what proxies are set up on Powershell?Laurenalaurence
I could see what proxies were set up by using netsh interface portproxy show v4tov4 and they were all set. I also tried to clean them all and test again, and I was still able to reach the app via http://127.22.240.165:1337 on Windows (even with no portproxy), but I definitely can't join my app from my iPhone 😥 Maybe that could come from my Internet box ?Laurenalaurence
I'd like to add that I had a weird issue where my ipv4 for WSL in powershell after running ipconfig was different than what my Ubuntu was saying. The IP Ubuntu was saying was correct and for whatever reason the WSL ipv4 in the ipconfig command was not right. Might have to do with the Ethernet port.Ably
Don't forget to add the listen port to the firewall to be able to connect: netsh advfirewall firewall add rule name= "Open Port 3000" dir=in action=allow protocol=TCP localport=3000Lactam
@Ably I feel like this information is key. I also have this. My guess is that windows is forwarding traffic for WSL to the IP listed in ipconfig but WSL is listerning on the IP listed by ip addr inside WSL.Decode
Needs Admin access 💀Cassiterite
@Laurenalaurence Where you able to find a fix for this? I think I have the same issue as you. I setup a MongoDB server on VsCode, inside wsl2 to run locally on my computer. I have an Android Studio app that is to save data and connect to this server, and I have added my wsl2 local ipaddress to the project to listen to it, but this method still doesn't work for me. Where you able to find a fix?Virginia
K
94

First, you will need to open a port in your machine to be able to access it from your network.

netsh advfirewall firewall add rule name="Allowing LAN connections" dir=in action=allow protocol=TCP localport=5000

After you open the port (5000 in my case) you will need to make port forwarding from this port to the port that your app is listening on in the WSL.

netsh interface portproxy add v4tov4 listenaddress=0.0.0.0 listenport=5000 connectaddress=localhost connectport=<the port that your app is listening on>

Notice: I set the connectaddress to localhost not to the IP address of the WSL because by default the requests that go to localhost are forwarded to the WSL. By doing this you won't need to set the port forwarding every time you restart your machine because the IP address of the WSL is dynamic.

Kyliekylila answered 5/3, 2021 at 2:12 Comment(17)
I don't know why this isn't the best answer. It's basically two PowerShell pastes and no download needed.Agni
Hmm, localhost didn't work for me - I had to specify the WSL ip address directly.Wandering
Would this work with same ports? EDIT: It seems that it doesn't. (localhost to 0.0.0.0).Agni
Yep, same here. localhost didn't work and had to use the actual IP of the WSL. (Command 'ip addr' inside the Ubuntu WSL gave me the relevant address)Masterpiece
Only localhost or 127.0.0.1 works for me. Specifying WSL ip doesn't work in my case.Syncope
localhost or wsl actual ip both work for me,because i start up ip helper service when i realized i didn't open itPhototransistor
worked for me on win11 with wsl2 all updated and using localhost as connectaddressFrustrated
Setting connectaddress to localhost did the trick for me. I tried following the Microsoft documentation for this exact problem. They said to set the connectaddress to the IP of the WSL2 virtual machine, which didn't work for me.Shortchange
The WSL2 IP is changed every reboot so it's not a practical solution for me.Kyliekylila
That's the proper solution! It works even for the same port, but you'll need to change listenaddress=0.0.0.0 to your actual windows IP.Ulent
It's probably intuitive to some but make sure the first listen port (which this answer shows as 5000) isn't being used by anything else! And is different to the second listenport.Scotism
After trying everything else, the only thing that got it to work for me was changing listenaddress from 0.0.0.0 to my Windows machine's IP on the local network.Shortchange
This is the only solution that worked for me on Win10. Took me over a day of trying the method suggested on the Microsoft site. Do we know why this is working for some but not others? Seems weird.Hebetic
Wow... did someone said this is the best solution...? Anyone checked your netstat -ano after this command? I wonder if that is normal?Rozamond
In my case. I checked netstat -ano and find out my app on WSL is listening [::1]:8080, so my final command is netsh interface portproxy add v4tov4 listenaddress=0.0.0.0 listenport=8080 connectaddress=127.0.0.1 connectport=8080.Rozamond
I've tried localhost but after that, netstat -ano just showing terrible output and not work for me.Rozamond
worked like a charm. Just had to change the ports accordingly. Thank you.Rapine
S
47

Option 1: Use port forwarding

This one worked for me:

  1. Run the port forwarding by a script from xmeng1: https://gist.github.com/xmeng1/aae4b223e9ccc089911ee764928f5486

The firewall commands in that script didn't work on my system. So I deactivated the Windows firewall completely and use the following stripped version. (The final users will use a 3d party firewall anyway, so that's ok).

$remoteport = bash.exe -c "ifconfig eth0 | grep 'inet '"
$found = $remoteport -match '\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}';

if ($found)
{
  $remoteport = $matches[0];
} else {
  echo "The Script Exited, the ip address of WSL 2 cannot be found";
  exit;
}

#[Ports]

#All the ports you want to forward separated by coma
$ports=@(123,456);

#[Static ip]
#You can change the addr to your ip config to listen to a specific address
$addr='0.0.0.0';
$ports_a = $ports -join ",";

for ($i = 0; $i -lt $ports.length; $i++)
{
  $port = $ports[$i];
  iex "netsh interface portproxy delete v4tov4 listenport=$port listenaddress=$addr";
  iex "netsh interface portproxy add v4tov4 listenport=$port listenaddress=$addr connectport=$port connectaddress=$remoteport";
}

#Then so something, e.g.
#bash.exe -c "cd /g-inverter; ./start_docker.sh"

You may need to "apt install net-tools" for ifconfig in the script. There's also a solution with "ip addr" in the internet somewhere that does not need ifconfig" in a great thread, I haven't a link for here and now.

Caveat

This works only for TCP traffic. netsh interface portproxy does not support port forwaarding of UDP traffic.

Option 2: Bridge mode

Solution: Switch from NAT to Bridge mode

WSL2 comes by default in NAT mode. There the wsl2 system has another ip in another subnet than the host. The PC is from external peers only visible by the windows IP and the wsl2 ip/net is hidden/internal. So all traffic would need to be accepted by the windows IP and then forwarded to the wsl2 ip (port forwarding).

There is another mode called bridge mode. In bridge mode your network interface card will be shared to the wsl2 system, and it will get its own IP/Net in wsl2. So in effect your network card is shared to both systems (windows / wsl2) and will have two IPs, as if you'd have two systems with its own network card each. Cool thing: You will never have port conflicts when Windows uses the same port as well, as your wsl2 app (like 111).

Enable bridge mode

Open Hyper-V Manager as administrator

Select your pc, open Virtual Switch Manager

Select WSL

Set to external network

Select the network card the traffic runs through

Then login to wsl2 terminal and configure an IP address. E.g.

sudo ip addr add 192.168.0.116/24 dev eth0

You need to use another free IP (not your Windows IP). If your network has a DHCP server your wsl can get one by:

sudo ip addr flush dev eth0
sudo dhclient eth0

Caveat

I haven't elaborated yet, how to get DNS working in this scenario in case you want to still be able to access the internet (apt etc.). There's some documentation from MS written in /etc/resolv.conf and maybe executing what's written there and installing resolvconf (prior to all steps above, as you have no internet once you start to bridge) might do the trick.

Stokowski answered 17/6, 2020 at 21:6 Comment(17)
Update: This approach became tedious and threads in the internet get longer and longer where people struggle with it. We decided that WSL2 is not mature enough for stable server hosting and finally decided to install all servers on Windows. WSL2 docker instances put files to Windows folders, that are hosted then with Windows servers. This meant that we needed to license, install and maintain 3d party products on every PC. But we're not convinced enough of WSL2 being industry ready. I'm sure this will get better in a few years. We're 100%ly long term stable now.Stokowski
Bridge mode sounds like it might be a good solution, but my machine running WSL2 does not have the Hyper-V windows extension enabled, and reading the Hyper-V docs makes be worry that this feature might cause problems.Pretender
@Stokowski Well, the Option 1 actually doesn't work: after executing the above script (exactly as it was posted) I don't see any additional rules at Windows firewall and port forwarding doesn't work. Also I've tried to completely turn off Windows firewall - still no effect. Any help please? Thanks!Connelly
"The firewall scripts didn't work for me, so I completely turned off the firewall" is terrible advice. The firewall scripts did work for me, so please leave your firewalls intact people!Zingaro
Option 2 is not possible as the Virtual switch manager is unable to change the wsl switch to external. It will throw an error switch port delete failed ...Dumbbell
i was able to get it to work. i was able to even get udp ports to work as well. i have a device on my local network that is sending debug output over udp, and socat within wsl2 was able to pick it up. i set this in my /home/user_name/.bashrc echo nameserver 192.168.254.254 | sudo tee /etc/resolv.conf sudo sudo ip addr flush dev eth0 sudo ip addr add 192.168.254.25/24 dev eth0 sudo dhclient eth0 > /dev/null 2>&1 and then use sudo visudo to be able to run sudo command swithout the password (not point in it tbh in wsl)Addicted
once you do the above, you do exit bash/wsl and do wsl --shutdown. then go to hyperv and change the adapter to external. then go back to bash, and with the commands entered from the post above, it should be able to sudo apt-get update and socat udp-recv:18194 stdoutAddicted
but be ready, because once you reboot, it obliterates your windows network adapters to the point that you have to go to control panel -> network and internet ->advanced network settings -> network reset. then reboot. then, heres the kicker. wsl is fried as well so you need to unregister and reinstall. good luck. microsoft has completely screwed this up too. like how tf can you not forward a UDP port to wsl? xd whos fuggin idea was this?Addicted
@Dumbbell I ran into the same problem, turns out I need to shutdown wsl wsl --shutdown and run Hyper-V Manager as administrator.Rea
This worked indeed. It wasn't working for me in previous builds but on latest it worked. I have a question, have you managed to set a static IP for eth0 permanently? I notice there's no /etc/network/interfaces file and it's not readDumbbell
I have not. I'm still working on getting DNS working.Rea
For the DNS I changed /etc/resolv.conf to use nameserver 8.8.8.8 and then used chattr +i /etc/resolv.conf to make sure wsl won't delete it. It worked pretty fine for me. The issue is assigning the static IP on the startup as the 3 commands in the answer suggest but when the interface goes up @ReaDumbbell
I really like option 2 and it is working great, however, when I reboot, it loses the configuration and goes back to "Internal Network". How do I mange this survive a reboot?Sylvan
In the Option 1 script you could just do: $remoteport = wsl.exe hostname -I to get the WSL IP address.Jennefer
@Dumbbell I also get an error, but it doesn't stop you for working around it. So the trick is to set is to private first, then error pops up. Then ignore that error, close the dialog, then go back into that menu, it should be set to private now even though the error showed up. At this point, one can set it to use external network and viola, it works. The error dialog can be avoided if you set it first, then close it, then come back to that dialog.Romanticize
IMP: For the bridge mode i had to uninstall wireshark/npcap to make it working.Emileeemili
If you choose option 2, you need to shut down WSL first by the command wsl --shutdown on the windows sideTjaden
R
36

WSL2 exposes ports on the local interface (which is why in Windows you can access localhost:8080 when your 8080 service is running in WSL2), but they listen on 127.0.0.1 (which is why you can't access yourhostname:8080 on other computers your LAN).

There's a tool to fix this called WSLHostPatcher, which you can find here (download via the Releases section): https://github.com/CzBiX/WSLHostPatcher

WSLHostPatcher changes the behaviour to listen on all IPs, exposing any WSL2 services to all computers on your network.

  1. Download the latest release from https://github.com/CzBiX/WSLHostPatcher/releases (I tested v0.1.0)
  2. Unzip the file
  3. Run the WSLHostPatcher.exe
  4. (Re)start your service in WSL2

The service should now be accessible via other computers on your network.

Rotative answered 8/3, 2021 at 0:46 Comment(5)
This sounds great, but the instructions don't work. There is no WSLHostPatcher.exe file. Not many stars on the repo... is this legit?Gerbil
WSLHostPatcher.exe is in the release.zip file. If you're skeptical you could compile it yourself from the repo after examining the source. Not my repo so I can't guarantee it!Rotative
After spending hours here and there, this worked like a charm for me. Thank you very much.Leban
this doesnt work for udp portsAddicted
worked for me! make sure you do it in the right order: start wsl > run the exe > start the server. you also might need to click allow on the firewall popupSopher
E
15

Taking into consideration the above (correct) solutions this is a simplified one liner version that works for me:

  1. Use "ifconfig" to find your wsl2 public IP address. Have in mind that The Hyper-V Switch IP change everytime when the Windows reboot, so the Public IP in wsl2 also changes. enter image description here
  1. Run the following command using the IP found in the previous step in connectaddress parameter:

    netsh interface portproxy add v4tov4 listenport= listenaddress=0.0.0.0 connectport= connectaddress=172.24.26.277

Parameters explanation:

  • listenport: the port that Windows will listen

  • listenaddress: the address that your Windows will listen. Usually 0.0.0.0 should do.

  • connectport: the port that your Linux Distro through wsl2 will listen.

  • connectaddress: the public IP of your Linux wsl2 instance (found in step 1)

Use cmd or PowerShell as Administrator to run the above command.

Elbert answered 24/11, 2020 at 12:19 Comment(3)
You have to allow the port through the Windows firewall, and forward it on your router. And beware that the WSL2 IP address gets reassigned every time you restart the instance.Zaratite
And you don’t need to do ifconfig. hostname --all-ip-addresses does the job.Zaratite
This is great but when I reboot the configuration is lost again. How do I make it survive a reboot?Sylvan
J
12

Here's the full three steps I found worked for LAN development access to something running in WSL2 (Ubuntu 20 on Windows 10 20H2):

1. One time at the start: open Expo ports inbound in Windows Firewall

Windows firewall should be on — don't turn it off! —, and it should block inbound attempts by default.

The following will open the ports 19000–19001, inbound, but only on a network that you have configured as "private" (that's the -Profile Private part, replace with Domain if you're on a domain):

  • Replace the 19000-19001 with the port(s) you need.
  • Replace the DisplayName with one that works for you. It's handy for finding the rule later.

(powershell as Admin)

New-NetFireWallRule -Profile Private -DisplayName 'Expo ports for LAN development' `
    -Direction Inbound -LocalPort 19000-19001 -Action Allow -Protocol TCP

(You can check it after with Get-NetFirewallRule |Where-Object {$_.DisplayName -Match "Expo.*"} — replace the -Match arg with the DisplayName you chose)

2. Point portproxy to WSL; Re-run "Each time WSL has a new IP address"

(I'm not sure yet how often the WSL IP address changes, but I suspect only a reboot would)

I saw stuff on the web, including other answers here, saying portproxy to connectaddress=127.0.0.1 but it did not work for me (WSL2, Windows 10 20H2).
I can't say why others found it worked, I can only say that repeated testing confirmed for me that 127.0.0.1 did not work, but the WSL IP address did work.

So here's a reusable command to auto set the connectaddress to the right WSL address:
(powershell — just for the easy inline Trim() — as Admin)

netsh interface portproxy add v4tov4 listenport=19000 listenaddress=0.0.0.0 `
    connectport=19000 connectaddress=$($(wsl hostname -I).Trim());

netsh interface portproxy add v4tov4 listenport=19001 listenaddress=0.0.0.0 `
    connectport=19001 connectaddress=$($(wsl hostname -I).Trim());

3. (Optional) If your WSL needs to know your dev machine LAN IP Address

(e.g. QR-Code mobile apps like Expo)

You'll need to re-run the following inside WSL "Each time dev host has a new IP address"

  • This is the one that probably changes most often. Your laptop local network IP certainly changes when you change networks (e.g. home/office) — and can change at other times too.

Fortunately it's also pastable / aliasable:
WSL2 shell

netsh.exe interface ip show address "Wi-Fi" | grep 'IP Address' | sed -r 's/^.*IP Address:\W*//'

# e.g. for Expo, I used:
export REACT_NATIVE_PACKAGER_HOSTNAME=$(netsh.exe interface ip show address "Wi-Fi" | grep 'IP Address' | sed -r 's/^.*IP Address:\W*//')

echo Meteor will use dev machine IP address: $REACT_NATIVE_PACKAGER_HOSTNAME

I "wish I didn't have to re-run things and it could all be automated",
but that same laziness makes me happy to at least have command 2 (and 3) easy to "rerun" and consistently get the LAN access I need to my WSL2-hosted service.

Joniejonina answered 14/12, 2020 at 19:23 Comment(11)
This is the only working answer!Heartstricken
By the way it works just fine on HTTP server. However I couldn't get my DNS server working. Pi-Hole is running inside WSL2 and I did the port forward setting. I can see port 53 TCP is listening on both windows and WSL2. However external clients cannot use the DNS server ... Any ideas?Heartstricken
"I can see port 53 TCP is listening on... windows.... However external clients cannot use the DNS server" Interesting scenario! @ShinebayarG are you saying that you are able to use pihole in wsl as your windows nameserver? i.e. Is the problem that even though you configured windows portproxy for 53 and 80, when you configure your other in-network devices' nameserver to point to your windows device (which will use those ports), that doesn't work for them as a nameserver?Joniejonina
@ShinebayarG follwup question about port 53: The example in the answer step 1 includes argument -Protocol TCP. Any chance that your port 53 DNS needs you to allow UDP as well? Ditto the netsh interface portproxy command has optional protocol param.Joniejonina
yes that's correct. WSL2 + Host Windows can use the Pi-Hole just fine. It's just other network devices like my phone & other laptop can't use it. I checked the firewall + Pi-hole settings, they both look fine. netsh interface protocol only accepts tcp according to their docs learn.microsoft.com/en-us/windows-server/networking/…Heartstricken
@ShinebayarG re "netsh interface protocol only accepts tcp", that's interesting I was distracted by the "protocol: Specifies the protocol to use", but didn't notice that there is only 1 protocol you can specify. Disappointing! Have you looked at superuser.com/a/1637776/93731? It suggests one tool for UDP forwarding on Windows, and has 12 votes plus a comment from a user saying they successfully used it for self-served DNS.Joniejonina
It has only 1 answer with 1 vote. Did I miss something?Heartstricken
@ShinebayarG You didn't miss something, I pasted the wrong link! I meant to share this one from serverfault: serverfault.com/a/472692/117183Joniejonina
On my computer, I had to activate the firewall rule also for the Domain and Public profiles additionally to the Private profile.Decillion
Correct @Abdull; good point about Domain profile being another safe option, I'll add that to the answer. For Public profile you would want to highlight really a big ⚠️ about “... that also works, but then you're opening a port — running "dev" software — on a Public network.”... really have to ask the question why am I doing network based dev work on a network that I can't trust so I have it configured as "Public"? But yes if there's reasons why that's a safe and good situation, can do it.Joniejonina
Don't forget to also run netsh interface portproxy add v6tov4 with listenaddress=:: to get the connections forwarded even if they reach your Windows box over IPv6 instead of IPv4 (increasingly the norm nowadays).Enyedy
O
11
  1. install the ssh server on WSL

  2. Find some ssh client on windows

  3. Execute on windows: (Windows's IP with 192.168.x.x and WSL ip with 172.28.x.x)

    ssh -L 192.168.x.x:3000:172.28.x.x:3000 [email protected]

if it doesn't work, try to using another local port such as (192.168.x.x:3001:172.28.x.x:3000)

Ortensia answered 18/7, 2020 at 5:36 Comment(2)
Just wanted to say that after attempting every possible fix for > 6 hours while absolutely nothing worked (even disabling defender/firewall entirely), THIS is what finally did it for me. I simply cannot access the WSL2's ip address from outside of the host machine in any other way. Thank you!! 🙏🙏Gerbil
You can also install netcat on Windows directly to forward a port and not need installing ssh server on WSL unix.stackexchange.com/questions/293304/…Whilom
B
11

Getting your WSL2 distro to behave like any other client on your network

Building on Roelofs suggestion no.2, here's what made everything tick in my case. I'm too fresh to just leave a comment unfortunately.

My starting point:
Win 10 Pro
Ubuntu under WSL2
(Docker with Linux containers)

My goal:
Getting an rtmp stream from a client on the network into and back out of an nginx server running on the Ubuntu machine.

Building the bridge

In my case, I could not get Hyper-V to set the bridge up properly. After selecting External network for the WSL switch in the Virtual switch section of Hyper-V Manager and hitting apply, it eventually failed with error 0x80070490. Don't know why and didn't have the time to investigate. WSL was not running and neither was the Docker service.

Instead, I just left the setting on Internal network and bridged the interfaces the manual way, under Network Connections (run->ncpa.cpl). In my case, the WiFi connection and vEthernet (WSL). Immediately after doing this, I lost internet connectivity and it took me an embarrassingly long time to find out that a reboot was needed. (Windows for once did not ask me to!)

Getting the VM in shape

After the reboot, I now had internet access from the host, the bridge was set to DHCP and had inherited the IP of the WiFi interface (192.168.1.246). Great.

The VM however was still getting the IP of the virtual switch (or however you want to view it, the random 172.x.x.x address that windows seems to assign to the switch as well as the VM).

Firing up Ubuntu, I decided to do a:

sudo ip addr flush dev eth0

Continuing with:

sudo dhclient eth0

threw a handful of errors at me since I was using the vanilla Ubuntu distro from Windows store, no systemd, no fun. Despite that, it did manage to add the IP of the bridge to eth0. As this was not very handy, I got rid of that with:

sudo ip addr del 192.168.1.248/24 dev eth0

but not before taking a sneak peek at the routing table:

user@vm:~$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

After deleting the old IP, I added a unique one from outside of my DHCP range:

sudo ip addr add 192.168.1.50/24 dev eth0

I checked the routing table again and the first entry was gone. At this stage I could ping LAN but not WAN.

Added the entry back with:

sudo ip route add default via 192.168.1.1 dev eth0

Pinging WAN IPs was now possible, but no DNS resolution. LMGTFM: Adding permanent DNS In case the solution goes missing, here it is, credit to non-static:

Create a file: /etc/wsl.conf.
Put the following lines in the file

[network]
generateResolvConf = false

In a cmd window, run wsl --shutdown
Restart WSL2
Create a file: /etc/resolv.conf. If it exists, replace existing one with this new file.
Put the following lines in the file

nameserver 8.8.8.8

Or the IP of whatever DNS server you want to use, repeat step 3 and 4.

So, to conclude, check your routing and setup your DNS-conf properly. Unfortunately, the IP settings are reverted every time you restart WSL. If you are not ok with doing this manually every time there are discussions on how to automate it here and here. I haven't had the time to find my favorite.

Best regards Alexander

Boehmenism answered 5/10, 2020 at 23:12 Comment(1)
On Win 11, the manual bridge cripples my host internet speed in half downstream and to 1% upstream. As soon as I delete the bridge, it returns to normal.Densimeter
I
7

This worked for me using wsl2. I had an app in wsl2 listening on port 4200. In an administrator elevated powershell:

Add proxy

netsh interface portproxy add v4tov4 listenport=8080 connectport=4200 connectaddress=127.0.0.1

Note the lack of listenaddress= argument and the different listening port 8080 instead of 4200

Add firewall rule

netsh advfirewall firewall add rule name= "Open Port 8080" dir=in action=allow protocol=TCP localport=8080

Then on my wifi-connected mobile phone visit http://192.168.1.2:8080

Cleaning up

You can delete your proxy with netsh interface portproxy delete v4tov4 listenport=8080 and your firewall rule with netsh advfirewall firewall delete rule name="Open port 8080"

Notes

Obviously change to your ports to your case and 192.168.1.2 to your PCs IP on your LAN. Use ipconfig to find it. You may need to make sure the code you're running in wsl2 is bound on 0.0.0.0.

Good luck.

Ilium answered 16/8, 2022 at 15:12 Comment(0)
U
6

Another solution is to bridge WSL2 directly to the relevant network adapter. I tried doing it within Hyper-V, but couldn't get it to work. However, what did work was going to Control Panel\Network and Internet\Network Connections, selecting the NIC (Ethernet 3 in my case) and vEthernet (WSL) and bridging them by right clicking and selecting "Bridge Connections":

Bridge Connections Menu Item

You should end up with something like this:

Bridged Connections

After the bridge is set up let Windows do its thing for a minute or so (seriously!) before continuing.

Next open WSL and have it run dhcp to get a new address:

sudo ip addr flush dev eth0 && sudo dhclient eth0

At this point, both WSL and Windows should have connectivity. Check by pinging some IP address like 1.1.1.1 or 8.8.8.8. If that doesn't work, dismantle the bridge and try again. Remember to wait for a minute or two while Windows configures everything.

Additionally, make sure that eth0 has an address from your LAN (ip addr sh eth0).

The problem now is that WSL probably can't resolve domain names since WSL creates /etc/resolv.conf on startup which points to the virtual gateway which is no longer there. This can be solved by asking wsl not to create /etc/resolv.conf by appending the following to /etc/wsl.conf (create the file if it doesn't exist):

[network]
generateResolvConf=false

Then restart wsl by restarting the LxssManager windows services. The only thing that remains is setting up alternative DNS servers within WSL. Instead of the generated /etc/resolv.conf, just create a /etc/resolv.conf with something like:

nameserver 1.1.1.1
nameserver 1.0.0.1

That's it! WSL should now be bridged to your network and have its own unique address on it.

Ummersen answered 1/11, 2021 at 11:39 Comment(0)
C
5

for someone who may have been as desperate as me

I tried so many ways, I was desperate things get messed up, I can't even keep accessing localhost:3000 as default (at first, I could)

I converted wsl2 to wsl and converted it back to wsl2 (look like I reset all config for wsl2, anyway, I'm not sure) then I just added portproxy and did nothing more, it worked

PS C:\Windows\system32> netsh interface portproxy add v4tov4 listenport=3001 listenaddress=0.0.0.0 connectport=3001 connectaddress=localhost

PS C:\Windows\system32> netsh interface portproxy add v4tov4 listenport=3000 listenaddress=0.0.0.0 connectport=3000 connectaddress=localhost

PS C:\Windows\system32> netsh interface portproxy show all

Listen on ipv4:             Connect to ipv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
0.0.0.0         3001        localhost       3001
0.0.0.0         3000        localhost       3000
Clot answered 10/10, 2022 at 16:40 Comment(1)
This worked as a charm! Thanks a lot!Lasky
H
4

WSL2-PortForward.cmd

@ECHO OFF
REM ** Set WSL Distro, Distro Port, Host Port
SET LXDISTRO=WinKDE
SET WSL2PORT=3389
SET HOSTPORT=13389
REM ** Reset any existing port proxies and delete any stale firewall rule
NETSH INTERFACE PORTPROXY RESET & NETSH AdvFirewall Firewall delete rule name="%LXDISTRO% Port Forward" > NUL
REM ** Get IP from WSL2 instance and write it out to IP.tmp
WSL -d %LXDISTRO% -- ip addr show eth0 ^| grep -oP '(?^<=inet\s)\d+(\.\d+){3}' > IP.TMP
REM ** Read IP.tmp back into batch variable
SET /p IP=<IP.TMP
REM ** Create the port proxy
NETSH INTERFACE PORTPROXY ADD v4tov4 listenport=%HOSTPORT% listenaddress=0.0.0.0 connectport=%WSL2PORT% connectaddress=%IP% 
REM ** Create a new firewall rule for the port listening on the LAN
NETSH AdvFirewall Firewall add rule name="%LXDISTRO% Port Forward" dir=in action=allow protocol=TCP localport=%HOSTPORT% > NUL
REM ** Summary
ECHO WSL2 Virtual Machine %IP%:%WSL2PORT%now accepting traffic on %COMPUTERNAME%:%HOSTPORT%

Output::

WSL2 Virtual Machine 172.17.109.95:3389 now accepting traffic on MYCOMPUTER:13389
Humberto answered 31/12, 2021 at 18:41 Comment(1)
Script works amazing! I have yesod app in wsl and now I can connect to it on different machine.Finch
G
2

Regarding bridge mode - Windows would prevent of modifying WSL virtual switch (access denied error) when any Linux distribution is running. From the other hand WSL switch is created when first Linux distro is started. I did as follows:

  1. Started wsl
  2. Left wsl shell and check that all distros are stopped ( wsl -l -v)
  3. Modified WSL virtual switch
  4. Started wsl again
Guppy answered 21/8, 2020 at 8:38 Comment(1)
For me, this wasn't enough. I had to uncheck the Hyper-V Extensible Virtual Switch setting on my network card as described here: theitways.blogspot.com/2018/01/…Behn
D
2

Finally I've got a solution that has to be run just once after the Windows host boot, works with multiple WSL2 instances at the same time, and does not have to be re-run when a WSL2 instance restarts!

Drawback: cannot listen on 0.0.0.0; you have to specify IPs or adapters for listening explicitly. (This version listens only on one IP address, but can be easily extended to use a list).

$ports = @(8000,8001);     # ports to forward
$iface = "Ethernet";       # alias of the Adapter to listen on

# if your host has a fixed IP, you can specify it here explicitly
# and remove the ping-and-if safeguard;
# but 0.0.0.0 won't work!
$external_ip = (Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias $iface).IPv4Address;

ping -n 1 "$external_ip" > $null

if( !$?  ) {
    echo "error: cannot determine the external IP address";
    exit 1;
}

$firewall_rule_name = "WSL2 Firewall Hole"
Remove-NetFireWallRule -DisplayName "$firewall_rule_name"

New-NetFireWallRule -DisplayName "$firewall_rule_name" -Direction Outbound -LocalPort $ports -Action Allow -Protocol TCP
New-NetFireWallRule -DisplayName "$firewall_rule_name" -Direction Inbound -LocalPort $ports -Action Allow -Protocol TCP

ForEach( $port in $ports ) {
    netsh interface portproxy delete v4tov4 listenport=$port listenaddress=$external_ip
    netsh interface portproxy add v4tov4 listenport=$port listenaddress=$external_ip connectport=$port connectaddress=127.0.0.1
}

Credits:

  • The starting point was this script by edwindijas on WSL Github issue #4150.
  • The idea of using localhost instead of obtaining the IP address of a running WSL2 instance was gleaned from this answer by Charl Botha here.

The original edwindijas's script didn't work for me because I run WSL2 under a limited user, the script has to run as admin, and running bash or wsl -e as admin gets a new WSL2 instance with a different IP address.

Dungaree answered 3/3, 2021 at 23:28 Comment(1)
ok , you forward 8000,8001 ports and... ? What next? What the practical use?Wingless
L
1

Here's a solution that is perhaps simpler than many of the others that have been offered. You need a WSL1 instance with socat installed in addition to the WSL2 instance that you're using.

On the WSL1 instance, start socat like this:

socat -d TCP-LISTEN:3000,reuseaddr,fork TCP:localhost:3000

When you start socat like this, Windows will ask if you want to allow network access to the port. Confirm.

Make sure your puma binds to port 3000 on all interfaces.

You will now be able to access your dev server from the LAN. What's happening here is that socat is forwarding requests to 3000 on your ethernet port to port 3000 on localhost, which will magically get forwarded by Windows to WSL2.

(I'm currently using this exact setup to access my Django dev server on WSL2 from an iOS app on my LAN.)

Lighterage answered 9/10, 2020 at 11:7 Comment(3)
While there are socat based solutions that work for me, this one causes a "fork storm" as the port 3000 connection forks a connection to 3000, which forks another connection to 3000, and so on until I had so many socat's running before I could interrupt it that my Windows host was brought to a crawl (and it's not a slouch).Fillander
This is strange, I use this exact formulation, but with port 8000, from WSL1 in order to reach the Django running on my WSL2 with my iPhone. There must be some other difference between our two configurations.Lighterage
Agreed. I was thinking that it might have to do with some leftover forwarding rule from previous attempts (on mine), but I think I cleared everything out (e.g. netsh interface portproxy). I'll try on another port just to make sure, but failure pretty much means a reboot, so I'll have to wait until I'm ready for that.Fillander
N
1

So, I struggled with this for a while the last two days, nothing seemed to work, in this thread or elsewhere. I finally got it worked out though by piecing together a few things I've seen, and I figured I'd post my solution here in case it helps anyone. A few caveats though. First, I'm definitely no Linux guru, so "it works" is just about my real only consideration :) Second, this is on a home dev server, which means that security isn't my biggest concern (the server isn't exposed outside my LAN in any way), so I did some things that I wouldn't do on a real, important machine. Finally, I didn't need this to work all the time, meaning I'm okay with having to do something myself after a server reboot to get it all working.

With all that in mind, the first step was, as malt above describes, bridging the WSL adapter with the server's physical adapter. In my case, the server has a static IP, so I configured the Network Bridge adapter that results with a static IP, gateway and DNS servers for IPv4.

After that, I wrote the following script named startup_tasks.sh in my home directory:

#!/bin/bash

clear
echo Running startup tasks...

# Clear existing IP config
sudo ip addr flush eth0
echo .
sleep 2
# Add static IP
sudo ip addr add 192.168.1.100/24 dev eth0
echo .
sleep 2
# Remove existing default gateway
sudo ip route del default
echo .
sleep 2
# Add default gateway
sudo ip route add default via 192.168.1.1
echo .
sleep 2
# Remove existing name resolution config file
sudo rm /etc/resolv.conf
echo .
sleep 2
# Create name resolution config file
sudo touch /etc/resolv.conf
echo .
sleep 2
# Update permissions on file so we can edit it
sudo chmod 777 /etc/resolv.conf
echo .
sleep 2
# Add name servers
sudo echo "nameserver 8.8.8.8" >> /etc/resolv.conf
echo .
sleep 2
sudo echo "nameserver 1.1.1.1" >> /etc/resolv.conf
echo .
sleep 2

echo - Static IP set
echo .
echo ...done!

For this to work, I also had to ensure my user account has sudo rights without a password, so this was added to the sudoer's file:

devuser=(ALL) NOPASSWD:ALL

I simply run that script after a server reboot and the result is WSL gets a static IP address and all the servers I run (all in Docker containers, though I removed all that from the script above) are accessible.

For me, it's that easy.

I've also considered writing a simple .vbs file and dropping it in my startup folder to run that script after a reboot automatically. That should work fine and make it all completely automatic, but I just haven't done it yet.

Nomarch answered 30/12, 2021 at 20:19 Comment(0)
F
0

Unfortunately, for me, this is a simplified case because my Home network is defined by my Router. Since my home devices don't communicate using the back-to-back connection and my network is protected by the Router's firewall I have to respect the Router's configuration.

  1. There is a list of DNS's - 8.8.8.8, 8.8.4.4, 9.9.9.9 which back my ISP DNS. It means that resolv.conf has to be crafted. nslookup reflects the correct configuration.
  2. It is possible to configure DHCP relay to external DHCP
  3. I can define and config how devices obtain dynamic IP including the static lease. It assumes that the device uses the correct DHCP IP address.
  4. I can configure port forwarding for known to the router devices, of course.
Florrieflorry answered 29/6, 2020 at 8:20 Comment(0)
B
-11

Try -b 0.0.0.0 That's what works on other OSes

Barm answered 3/4, 2020 at 21:25 Comment(0)

© 2022 - 2025 — McMap. All rights reserved.