virtualbox_WSL2

README should mention firewall issues

Open kkeane opened this issue 3 years ago • 3 comments

Thanks for building this very useful utility!

After installing the virtualbox_WSL2 plugin, I found that it was not working for me. After some troubleshooting, I found that the problem was the Windows Firewall. It worked fine with the firewall disabled.

This should be documented in the README.

The specific problem is that from the host's perspective, the VirtualBox VMs appear to be in the public zone. This cannot be changed (Windows limitation). In addition, depending on your configuration, traffic in or out of the VM may get blocked by the firewall.

I found that the following PowerShell script opens the firewall enough, without completely disabling it. Note: this script only allows DNS traffic, which was the problem for me. You may need to open additional ports.

$adapters=(Get-NetAdapter | Where-Object Name -like 'vEthernet*')

Set-NetFirewallProfile -DisabledInterfaceAliases $adapters.Name

# For VirtualBox, we also need to allow DNS to/from anywhere
# If security is a concern, you could also set -RemoteAddress but we do not do that here
# for flexibility
New-NetFirewallRule -Name UsdDNSReq  -DisplayName "Allow DNS Req" -Direction Inbound  -LocalPort 53 -Protocol UDP -Action Allow
New-NetFirewallRule -Name UsdDNSResp -DisplayName "Allow DNS Resp" -Direction Inbound -RemotePort 53 -Protocol UDP -Action Allow
New-NetFirewallRule -Name UsdDNSTCPReq  -DisplayName "Allow DNS TCP Req" -Direction Inbound  -LocalPort 53 -Protocol TCP -Action Allow
New-NetFirewallRule -Name UsdDNSTCPResp -DisplayName "Allow DNS TCP Resp" -Direction Inbound -RemotePort 53 -Protocol TCP -Action Allow

kkeane avatar Apr 24 '21 22:04 kkeane

I didn't go with those specific rules but @kkeane's description helped me. Since I don't want to get to PowerShell about this, these were the steps I followed to enable the firewall rules the Windows UI way (PLEASE don't do this unless you're in a safe network):

  • Open the Windows Defender Firewall application.
  • Look for "VirtualBox Headless Frontend" rule name, "Public" profile. You'll see one rule for TCP and another one for UDP.
  • Right click on each of them, hit Properties.
  • Set to "Allow connection" in the Action section of the "General" tab.

The option names might differ; my Windows is in Spanish. Once again, PLEASE don't do this unless you're in a safe network or revert the changes once you're done.

alvaro-gh avatar Jun 01 '21 19:06 alvaro-gh

Hi, you should definitely mention your previous message in your README (authorizing Public rules). Not sure how long that would have taken me to find it out by myself. Thanks!

hlombard avatar Jun 18 '22 23:06 hlombard

To reiterate on what @hlombard said, to set the mentioned firewall rules to Public, run the following command in an elevated PowerShell (on Windows, not within WSL2):

Get-NetFirewallRule -DisplayName "VirtualBox Headless Frontend" | Set-NetFirewallRule -Profile Public

Also, as @mxdlx mentioned, only do this on a safe network.

ZacksHomeLab avatar Mar 28 '23 16:03 ZacksHomeLab
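
Several comments above say to revert the firewall changes once you are done. The following script is an added example, not code from any post in this thread or from the plugin: it audits what the workarounds left behind and rolls them back. It assumes the rule names and display name quoted in the thread, that the VirtualBox rules were set to Block before they were edited, and that `NotConfigured` clears the interface exclusion list.

```powershell
# Added example (not from the thread): audit, then roll back, the firewall
# changes described in the comments. Run in an elevated PowerShell on Windows,
# not inside WSL2.
$DryRun = $true   # $true previews every change with -WhatIf; set $false to apply

# Names taken from the posts in this thread.
$dnsRuleNames = 'UsdDNSReq', 'UsdDNSResp', 'UsdDNSTCPReq', 'UsdDNSTCPResp'
$vboxDisplay  = 'VirtualBox Headless Frontend'

# --- Audit ---------------------------------------------------------------
# Profiles that no longer filter the vEthernet adapters
# (the effect of the -DisabledInterfaceAliases step).
$excluded = @(Get-NetFirewallProfile |
    Where-Object { $_.DisabledInterfaceAliases -like 'vEthernet*' })
$excluded | Format-Table Name, Enabled, DisabledInterfaceAliases -AutoSize

# The DNS allow rules and the VirtualBox rules, if they exist.
$dnsRules  = @(Get-NetFirewallRule -Name $dnsRuleNames -ErrorAction SilentlyContinue)
$vboxRules = @(Get-NetFirewallRule -DisplayName $vboxDisplay -ErrorAction SilentlyContinue)
$dnsRules + $vboxRules |
    Format-Table Name, DisplayName, Enabled, Profile, Direction, Action -AutoSize

# --- Roll back -----------------------------------------------------------
if ($excluded.Count -gt 0) {
    # Assumption: 'NotConfigured' (the value Get-NetFirewallProfile reports by
    # default) clears the exclusion list so the adapters are filtered again.
    Set-NetFirewallProfile -Name $excluded.Name `
        -DisabledInterfaceAliases 'NotConfigured' -WhatIf:$DryRun
}

# Guarded on purpose: Remove-NetFirewallRule without input targets every rule.
if ($dnsRules.Count -gt 0) {
    $dnsRules | Remove-NetFirewallRule -WhatIf:$DryRun
}

# Assumption: the VirtualBox rules were 'Block' before the UI edit.
# The profile each rule had before it was set to Public is not recorded in
# the thread, so Profile is shown by the audit but left unchanged.
$toBlock = @($vboxRules | Where-Object {
    "$($_.Profile)" -match 'Public|Any' -and "$($_.Action)" -eq 'Allow'
})
if ($toBlock.Count -gt 0) {
    $toBlock | Set-NetFirewallRule -Action Block -WhatIf:$DryRun
}
```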