In this post you will learn how to open / forward ports of programs running in WSL2 in the Windows firewall so that they are accessible from the home network. How can I access a WSL2 Linux with SSH? How do I share a web server via WSL2? These questions are answered below.

Find out the IP address in WSL2

First, the WSL2 IP address is required so that Windows can be told to which address the request must be forwarded. The command depends on the Linux distribution.

Ubuntu

ifconfig

Debian

ip a

In my case the IP address of the WSL2 Linux was 172.29.192.157; adjust it in all of the following commands.

Run PowerShell or Command Prompt as Administrator

For the following commands it is necessary to start Windows PowerShell or Command Prompt as administrator (right click: Run as administrator).

Remember to adjust the IP address in the commands.

Forward OpenSSH server

If you want to enable OpenSSH, it listens on port 22 by default. Alternatively, you can set a different port in the config of the SSH server.

Proxy forwarding

netsh interface portproxy add v4tov4 listenaddress=0.0.0.0 listenport=22 connectaddress=172.29.192.157 connectport=22

Firewall rule

netsh advfirewall firewall add rule name="WSL2 Forward Port 22" dir=in action=allow protocol=TCP localport=22

Forward web server

If you want to enable Apache or Nginx, they listen on port 80 by default.

Proxy forwarding

netsh interface portproxy add v4tov4 listenaddress=0.0.0.0 listenport=80 connectaddress=172.29.192.157 connectport=80

Firewall rule

netsh advfirewall firewall add rule name="WSL2 Forward Port 80" dir=in action=allow protocol=TCP localport=80

Check proxy rules

The following PowerShell command displays all entered proxy rules:

netsh interface portproxy show v4tov4

Check firewall rules

Windows Defender Firewall -> Advanced Settings -> Inbound Rules

Delete proxy rules

To delete the proxy rule for a specific port, use the following PowerShell command. Before running it, replace {port} with the port whose rule should be deleted.

netsh interface portproxy delete v4tov4 listenport={port} listenaddress=0.0.0.0

Delete firewall rules

Windows Defender Firewall -> Advanced Settings -> Inbound Rules

Forwarding no longer works after a reboot

After each reboot, the WSL2 Linux gets a new IP address, which means that the old rules no longer work. I wrote a PowerShell script to solve this.

The script retrieves the IP address of a WSL2 Ubuntu distribution, deletes all existing PortProxy rules and creates them again with the new WSL2 IP address.

#### ------------ Set WSL 2 Machine IP ------------ ####

$wsl_ip = (ubuntu.exe -c "ifconfig eth0 | grep 'inet '").trim().split()| where {$_}
$regex = [regex] "\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b"

$ip_array = $regex.Matches($wsl_ip) | %{ $_.value }

$wsl_ip = $ip_array[0]

Write-Host "WSL Machine IP: ""$wsl_ip"""

#### ------------ Delete PortProxy rules ------------ ####

netsh int portproxy reset all

#### ------------ Rule: SSH - Port 22 ------------ ####

netsh interface portproxy add v4tov4 listenport=22 listenaddress=0.0.0.0 connectport=22 connectaddress=$wsl_ip

#### ------------ Rule: Webserver SSL - Port 443 ------------ ####

netsh interface portproxy add v4tov4 listenport=443 listenaddress=0.0.0.0 connectport=443 connectaddress=$wsl_ip

#### ------------ Rule: Webserver - Port 80 ------------ ####

netsh interface portproxy add v4tov4 listenport=80 listenaddress=0.0.0.0 connectport=80 connectaddress=$wsl_ip
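
A narrower variant of the refresh script, as an added example that is not the author's code: it validates the WSL2 address before changing anything, replaces only the proxy entries for its own ports instead of resetting all of them, and recreates the firewall rules limited to the Private network profile and the local subnet. It assumes the default WSL2 distribution, the ports 22, 80 and 443 used in this post, and the post's rule naming.

```powershell
# Added example, not the author's script. Run in an elevated PowerShell.
# Assumptions: default WSL2 distribution; the port list and rule-name prefix below.
$ports      = @(22, 80, 443)        # ports used in this post
$rulePrefix = 'WSL2 Forward Port'   # same naming as the post's firewall rules

# "hostname -I" prints the distribution's addresses; take the first one.
$raw       = (wsl.exe hostname -I) -join ' '
$candidate = ($raw.Trim() -split '\s+')[0]

# Stop before touching any rule if the address is missing or not IPv4.
$parsed = $null
$isIp   = [System.Net.IPAddress]::TryParse($candidate, [ref]$parsed)
if (-not $isIp -or
    $parsed.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
    throw "Could not determine the WSL2 IPv4 address (got '$candidate')."
}
$wslIp = $parsed.ToString()
Write-Host "WSL2 IP: $wslIp"

foreach ($port in $ports) {
    # Replace only this port's proxy entry; other portproxy rules stay untouched.
    netsh interface portproxy delete v4tov4 listenport=$port listenaddress=0.0.0.0 | Out-Null
    netsh interface portproxy add v4tov4 listenport=$port listenaddress=0.0.0.0 connectport=$port connectaddress=$wslIp | Out-Null

    # Replace any existing rule of this name (including one created with the
    # netsh commands above) by a rule scoped to Private networks and the local subnet.
    $name = "$rulePrefix $port"
    Remove-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
    New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $port -Profile Private -RemoteAddress LocalSubnet | Out-Null
}

# Show the resulting proxy table for a quick check.
netsh interface portproxy show v4tov4
```

With `-Profile Private`, the rules only apply while the home network is classified as Private in Windows; on a network classified as Public the forwarded ports stay blocked.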