Accessing web servers, databases, or other network services hosted inside WSL2 from external devices or networks often requires more than just enabling the service within your Linux distribution. By default, WSL2 uses a virtualized network interface with its own IP address, which can make direct port mapping and external access challenging. Setting up port forwarding with IP passthrough ensures that traffic from your Windows host is correctly routed to your WSL2 instance, allowing seamless connectivity for development, testing, or production scenarios.

Port Forwarding with PowerShell and Netsh

Step 1: Identify the IP address of your WSL2 instance. Open your WSL2 terminal and run:

hostname -I

This command displays the current IP address assigned to your WSL2 environment. You'll need this address to set up port forwarding rules.

Step 2: Choose the port you want to forward. For example, if your web server runs on port 8080 inside WSL2, you may want to forward traffic from Windows port 8080 to WSL2's port 8080.

Step 3: Open Windows PowerShell as an administrator. This is required to add or remove port forwarding rules at the system level.

Step 4: Use the netsh command to add a port forwarding rule. Replace WSL_IP with your WSL2 IP address and PORT with the desired port number:

netsh interface portproxy add v4tov4 listenaddress=0.0.0.0 listenport=PORT connectaddress=WSL_IP connectport=PORT

For example, to forward port 8080:

netsh interface portproxy add v4tov4 listenaddress=0.0.0.0 listenport=8080 connectaddress=172.20.51.10 connectport=8080

This rule directs all incoming traffic on port 8080 to the WSL2 instance at the specified IP and port.

Step 5: Ensure Windows Firewall allows inbound connections on the forwarded port. Open Windows Defender Firewall settings, and add a new inbound rule for TCP on the chosen port if it does not already exist. This step is critical; otherwise, external traffic may be blocked before reaching the port proxy.

Step 6: Test connectivity by accessing http://YOUR_WINDOWS_HOST_IP:PORT from another device on your network. You should reach the service running inside WSL2.

Step 7: Remove or update port forwarding rules as needed. To delete a rule:

netsh interface portproxy delete v4tov4 listenaddress=0.0.0.0 listenport=PORT

Repeat the above steps if your WSL2 IP changes (for example, after a reboot), as the address may be dynamically assigned.

IP Passthrough with Hyper-V Virtual Switch (Advanced)

Step 1: Open Hyper-V Manager (if available) on your Windows system. WSL2 leverages Hyper-V for virtualization, but direct access to networking features may require enabling Hyper-V in Windows Features.

Step 2: Create an External Virtual Switch and assign it to your primary network adapter. This allows WSL2 to acquire an IP address directly from your physical network, making it accessible as a peer device.

Step 3: Configure WSL2 to use the external virtual switch. This step may involve editing configuration files or using command-line tools, depending on your Windows version and WSL2 setup. Note that this approach can introduce additional complexity and security considerations, so use it only if traditional port forwarding is insufficient.

Step 4: Once WSL2 has a bridged network connection, it will receive an IP address on the same subnet as your Windows host. You can now access services running in WSL2 directly via this IP, without port forwarding.

Step 5: Update firewall rules for both Windows and your WSL2 distribution to permit traffic on required ports. This ensures network requests are not blocked at either endpoint.

This method is best suited for advanced users who require direct network access for WSL2, such as for testing distributed systems or running servers accessible from multiple devices.

Temporary Port Forwarding with WSL2 Helper Scripts

Step 1: Some users automate port forwarding with helper scripts that detect WSL2 IP changes and update netsh rules accordingly. These scripts can be run on Windows startup or triggered manually after WSL2 restarts.

Step 2: Download or write a script that monitors the WSL2 IP address and applies the appropriate netsh commands. Example scripts are available in community forums and repositories. Always review scripts for security and accuracy before use.

Step 3: Schedule the script to run automatically using Windows Task Scheduler, or execute it after each system reboot to keep port forwarding up to date.

This approach streamlines the process but may require troubleshooting if script permissions or network conditions change.

Configuring port forwarding with IP passthrough in WSL2 improves access to development environments and network services. Regularly check your WSL2 IP and firewall settings to keep connections reliable.