
I have:

  1. a Spring Boot application running on Windows on 8080 and
  2. a service running in the Docker container within the WSL2 Ubuntu, and

I'm looking for how to enable the Windows host's 8080 to this service?

The limitation is that the service is part of the development setup and is built with the docker-compose, so the solution should be IP-independent or fully (maximally) automated.

The application is reachable with `curl $(hostname).local:8080`, but when I try to add iptables rules (based on those found here) to redirect "wsl:8080->winhost:8080":

```
sudo iptables -A FORWARD -i lo -o eth0 -p tcp --syn --dport 8080 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -i lo -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o lo -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -t nat -A PREROUTING -i lo -p tcp --dport 8080 -j DNAT --to-destination 172.28.80.1:8080
sudo iptables -t nat -A POSTROUTING -o eth0 -p tcp --dport 8080 -d 172.28.80.1 -j SNAT --to-source 127.0.0.1:8080
```

where 172.28.80.1 is the Windows host IP, then curl starts hanging until it times out.

Any suggestions?

imy
  • Do you want to connect from inside a container to the Windows host? If yes, use `host.docker.internal` as the hostname of the Windows host. You do not need to use `iptables`, etc. – John Hanley Apr 25 '23 at 00:37
  • `host.docker.internal` maps to the WSL (internal) localhost not to the Windows localhost. – imy Apr 25 '23 at 11:20

1 Answer

I've managed to make a connection from inside a Docker container under WSL2 to a port opened on the Windows machine (PHP container with Xdebug on Ubuntu connecting to PhpStorm on Windows) as follows:

  1. map host in docker-compose.yml or docker-compose.override.yml and rebuild container

```yaml
services:
  php:
    build:
      context: ./
      target: debug
    extra_hosts:
      - "host.docker.internal:host-gateway"
```
  2. pinging host.docker.internal from the container should now reveal the IP allocated by Docker for its network, or you can manually specify the bridge IP and default Docker subnet IP range(s) by creating a file /etc/docker/daemon.json with the following structure - more details here: https://serverfault.com/a/942176/1029877

```json
{
  "bip": "172.30.0.1/16",
  "default-address-pools":[
    {"base":"172.32.0.0/16","size":24},
    {"base":"172.33.0.0/16","size":24},
    {"base":"172.34.0.0/16","size":24}
  ]
}
```

where

  • bip would be the value that docker maps under host.docker.internal
  • default-address-pools will be used for allocating ip addresses to containers
  3. then define a new iptables rule as follows

```
iptables -t nat -A PREROUTING -j DNAT -d 172.30.0.1 -p tcp --dport 9003 --to 172.24.96.1
```

where

  • 172.30.0.1 is the destination of the initial request - where it is trying to connect
  • 172.24.96.1 is the ip address assigned to WSL network - where we need to forward the request
  • 9003 is the port - the same for both source and destination

More resources for inspiration or issues that I've stumbled upon:

Now I am looking to automate this and make sure it doesn't have any issues when changing network connections or after wakeup from sleep / hibernate (as it happens from time to time with another port forwarding over ssh -- however this might be related to some drivers on my device).

NemoXP
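One way to automate the rule from the answer above without hard-coded addresses, as an added example (not NemoXP's code). It assumes WSL2's NAT networking, where the Windows host is the default gateway seen from Ubuntu, and that the default Docker bridge reports its gateway in `docker network inspect`; the chain name `WINHOST_FWD` and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: rebuild the answer's DNAT rule from live addresses.
CHAIN=WINHOST_FWD   # hypothetical chain name, used only by this script

# Reads `ip route show default` output on stdin, prints the gateway address.
# Assumption: WSL2 NAT networking, where the Windows host is the default gateway.
gateway_from_routes() {
  awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Accept only dotted-quad input so nothing else reaches the iptables command line.
is_ipv4() {
  case "$1" in *[!0-9.]*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# rule_spec BRIDGE_IP WINDOWS_IP PORT -> match/target part of the DNAT rule.
rule_spec() {
  is_ipv4 "$1" && is_ipv4 "$2" || return 1
  case "$3" in ''|*[!0-9]*) return 1 ;; esac
  printf '%s' "-d $1 -p tcp --dport $3 -j DNAT --to-destination $2"
}

# Keep the rule in its own chain and flush that chain on every run, so an
# address that changed after sleep or a network switch leaves no stale rule.
apply_rule() {
  spec=$(rule_spec "$@") || { echo "invalid address or port" >&2; return 1; }
  iptables -t nat -N "$CHAIN" 2>/dev/null || iptables -t nat -F "$CHAIN" || return 1
  # shellcheck disable=SC2086  # spec is validated above and must word-split
  iptables -t nat -A "$CHAIN" $spec || return 1
  iptables -t nat -C PREROUTING -j "$CHAIN" 2>/dev/null ||
    iptables -t nat -A PREROUTING -j "$CHAIN"
}

# sync_forward PORT: look up both addresses, then (re)install the rule. Needs root.
sync_forward() {
  win_ip=$(ip route show default | gateway_from_routes)
  # Assumption: the default bridge lists its gateway (the "bip" address) here.
  bridge_ip=$(docker network inspect bridge --format '{{(index .IPAM.Config 0).Gateway}}')
  apply_rule "$bridge_ip" "$win_ip" "$1"
}

# Dry run on constructed input (addresses and port are the ones in the answer).
SAMPLE_ROUTES='default via 172.24.96.1 dev eth0 proto kernel'
rule_spec 172.30.0.1 "$(printf '%s\n' "$SAMPLE_ROUTES" | gateway_from_routes)" 9003
echo
```

Running `sync_forward 9003` as root after WSL starts, or again after a network change, replaces the previous rule instead of appending a second one.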