WSL2 http.Server not accessible from Windows11 [experimental] networkingMode=mirrored

[protatremy]

Windows Version

Windows11

WSL Version

2.0.9.0

Are you using WSL 1 or WSL 2?

• WSL 2
• WSL 1

Kernel Version

5.15.133.1-1

Distro Version

Ubuntu 20.04

Other Software

No response

Repro Steps

After creating a new vswitch with an IP address:

   IPv4 address. . .: 192.168.98.45
   mask. . . . . . . . . : 255.255.255.0

I can see the result in Windows side:

Carte Ethernet vEthernet (AAOS_networking) :

   Suffixe DNS propre à la connexion. . . :
   Adresse IPv6 de liaison locale. . . . .: fe80::3ca0:ffd8:ee94:4d84%82
   Adresse IPv4. . . . . . . . . . . . . .: 192.168.98.45
   Masque de sous-réseau. . . . . . . . . : 255.255.255.0
   Passerelle par défaut. . . . . . . . . : 192.168.98.0`

In WSL2:

7: eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:7d:86:07 brd ff:ff:ff:ff:ff:ff
    inet 192.168.98.45/24 brd 192.168.98.255 scope global noprefixroute eth4
       valid_lft forever preferred_lft forever
    inet6 fe80::3ca0:ffd8:ee94:4d84/64 scope link nodad noprefixroute
       valid_lft forever preferred_lft forever

If I run an http.server on localhost in WSL2 side , I can make a wget in windows.

PS C:\Users\myUser> wget 127.0.0.1:8000


StatusCode        : 200
StatusDescription : OK
Content           : <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
                    <html>
                    <head>
                    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
                    <title>Directory listing fo...
RawContent        : HTTP/1.0 200 OK
                    Content-Length: 1459
                    Content-Type: text/html
                    Date: Fri, 17 Nov 2023 15:57:10 GMT
                    Last-Modified: Fri, 17 Nov 2023 09:57:16 GMT
                    Server: SimpleHTTP/0.6 Python/3.8.10

                    <!DOCTYPE HTM...
Forms             : {}
Headers           : {[Content-Length, 1459], [Content-Type, text/html], [Date, Fri, 17 Nov 2023 15:57:10 GMT], [Last-Modified, Fri, 17 Nov 2023 09:57:16 GMT]...}
Images            : {}
InputFields       : {}
Links             : {@{innerHTML=.ansible/; innerText=.ansible/; outerHTML=<A href=".ansible/">.ansible/</A>; outerText=.ansible/; tagName=A; href=.ansible/}, @{innerHTML=.bash_history; innerText=.bash_history; outerHTML=<A href=".bash_history">.bash_history</A>; outerText=.bash_history; tagName=A; href=.bash_history}...}
ParsedHtml        : System.__ComObject
RawContentLength  : 1459

When I m starting my http.server on 192.168.98.45:8000, I m able to make:

 wget 192.168.98.45:8000
--2023-11-17 17:13:10--  http://192.168.98.45:8000/
Connecting to 192.168.98.45:8000... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1459 (1.4K) [text/html]
Saving to: ‘index.html.19’

index.html.19                                        100%[===================================================================================================================>]   1.42K  --.-KB/s    in 0s

2023-11-17 17:13:10 (474 MB/s) - ‘index.html.19’ saved [1459/1459]

But not in Windows Side

Expected Behavior

I m expecting to acces the http.Server running on the vswitch internal address by sharing the same interface between Windows and WSL2 through mirror feature.

I tried both features, describe in #10769
tried toggling the new experimental.firewall/wsl2.firewall, but it doesn't seem to make any difference.
and

Get WSL VM Id:
$ Get-NetFirewallHyperVVMCreator

VMCreatorId  : {40E0AC32-46A5-438A-A0B2-2B479E8F2E90}
FriendlyName : WSL
Disable Firewall (from an elevated/admin Terminal):
$ Set-NetFirewallHyperVVMSetting -Name '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' -Enabled False 

Actual Behavior

For now, I got an error:

PS C:\Users\myUser> wget 192.168.98.45:8000
wget : The underlying connection was closed: An unexpected error occurred on a receive.
Au caractère Ligne:1 : 1
+ wget 192.168.98.45:8000
+ ~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation : (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest],WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

Diagnostic Logs

No response

[github-actions]

Hi I'm an AI powered bot that finds similar issues based off the issue title.

Please view the issues below to see if they solve your problem, and if the issue describes your problem please consider closing this one and thumbs upping the other issue to help us prioritize it. Thank you!

Open similar issues:

• Networking mirrored can't work on WSL2 (#10632), similarity score: 0.86

Closed similar issues:

• wsl 2.0.0 proxy bug in networkingMode = mirrored network (#10517), similarity score: 0.83
• Mirrored network, port listen in Windows not accessable from WSL using external LAN ip. (#10611), similarity score: 0.82
• HTTP Server on WSL not accessible on W11 (#9203), similarity score: 0.82
• WSL2 Network is unreachable (#6480), similarity score: 0.80
• Cannot access http server located in Windows from WSL2 (#5316), similarity score: 0.80
• [WSL2] No network communication between WSL and Windows (#4212), similarity score: 0.80
• WSL 2.0.6 mirrored network - can not connect to Docker container ports from Windows host (#10683), similarity score: 0.79
• the network of wsl2 does not work (#7421), similarity score: 0.79
• Can't ssh into wsl with networking mode mirrored (#10597), similarity score: 0.79

You can give me feedback by thumbs upping or thumbs downing this comment.

[zhaoqiu-china]

Hi, you run it in Windows Insiders canary and Release Preview Channel?

[tusharsnx]

@zhaoqiu-china

Hi, you run it in Windows Insiders canary and Release Preview Channel?

Does it require an insider channel build now that we have 23H2 in stable?

On my computer with the latest stable Windows, all WSL 2 2.0.x features (including networkingMode=mirrored) seem to work.

[zhaoqiu-china]

my .wslconfig:

[wsl2]
memory=8G
swap=4G
networkingMode=mirrored
autoProxy=true
dnsTunneling=true
[experimental]
firewall=false
autoMemoryReclaim=gradual

another machine(my phone) can visit wsl2 http.server while win11 can not call wsl2 http.server(by ip).

[protatremy]

Hi, you run it in Windows Insiders canary and Release Preview Channel?

Hi @zhaoqiu-china yes I m running with

[protatremy]

Hi @tusharsnx ,

What do you mean by it works? I perhaps wrong with my test but I hope to use the my interface as described on top. But not sure about that. I created my interface on windows side. I m running a http.server on wsl2 side on this interface and I tried to get from windows. Can you execute this case?

[tusharsnx]

@protatremy

What do you mean by it works?

By that, I mean all new WSL 2 2.0.9 features work outside of insider channels (i.e., 23H2) already. You don't need to be on an Insider build to use these features. (I was replying to zhaoqiu-china)

As far as this issue is concerned, I'm not able to access WSL services from Windows side using the IP address. However, localhost works just fine, and if you follow the steps mentioned in #10769, you can access WSL services using the host (Windows) IP address from other LAN devices.

[protatremy]

I added all options:

networkingMode=mirrored
hostAddressLoopback=true
dnsTunneling=true
firewall=true

Starting my http.server in wsl2 with
vswitch : 169.254.23.100 => Working (wget from windows StatusCode : 200)
SwitchName 169.254.113.133 =>Working (wget from windows StatusCode : 200)
The one I created 192.168.98.45=>Not Working (curl : The underlying connection was closed: An unexpected error occurred on a receive.)
Samething with an other created Vswitch in 169.254.112.57 > Not Working (curl : The underlying connection was closed: An unexpected error occurred on a receive.)

[protatremy]

the tips included in #10769 fixed my issue, thanks:

Turns out that this article describes how you can disable WSL VM's Hyper-V Firewall in two steps:

Warning

Disabling Firewall can have unintended consequences. Any malicious app running within wsl gets unrestricted access to internet.

1. Get WSL VM Id:

$ Get-NetFirewallHyperVVMCreator

VMCreatorId  : {40E0AC32-46A5-438A-A0B2-2B479E8F2E90}
FriendlyName : WSL

2. Disable Firewall (from an elevated/admin Terminal):

$ Set-NetFirewallHyperVVMSetting -Name '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' -Enabled False

At this point, you should be able to access wsl services from other devices on LAN (or from the internet who knows 🙃).