Cannot access Windows server from Docker in WSL2 with mirrored network.
Windows Version
Microsoft Windows [version 10.0.22631.4317]
WSL Version
2.4.11.0
Are you using WSL 1 or WSL 2?
- [x] WSL 2
- [ ] WSL 1
Kernel Version
5.15.167.4-1
Distro Version
Ubuntu 24.04
Other Software
Docker (not docker desktop)
Docker version 28.0.0, build f9ced58
Repro Steps
When I first encountered this issue while deploying a local service using Docker Compose, the working environment was quite complex. With the help of AI, I simplified the scenario and successfully reproduced the problem.
- First, I set up port 7890 (an HTTP proxy) to listen on the Windows host machine and ensured that its binding address was configured to 0.0.0.0.
And I'm sure I can access the proxy on WSL.
- Second, create `docker-compose.yml` and enter the container.

```yaml
version: "3.8"
services:
  test:
    image: alpine:latest
    entrypoint: ["sh", "-c", "tail -f /dev/null"]
    extra_hosts:
      - "host.docker.internal:host-gateway"
```
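- Then enter the shell and test

```sh
# On the WSL side: start the service and open a shell in the container
docker compose up -d
docker compose exec test sh
# Inside the container: install curl and request a page through the proxy
apk add --no-cache curl
curl -x http://host.docker.internal:7890 https://google.com -v
```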
Expected Behavior
I expect that the curl command will successfully connect to the proxy and work properly.
Actual Behavior
```
/ # curl -x http://host.docker.internal:7890 https://google.com -v
* Host host.docker.internal:7890 was resolved.
* IPv6: (none)
* IPv4: 172.18.0.1
* Trying 172.18.0.1:7890...
* connect to 172.18.0.1 port 7890 from 172.18.0.1 port 44111 failed: Connection refused
* Failed to connect to host.docker.internal port 7890 after 0 ms: Could not connect to server
* closing connection #0
curl: (7) Failed to connect to host.docker.internal port 7890 after 0 ms: Could not connect to server
```
Diagnostic Logs
Logs are required for review from WSL team
If this is a feature request, please reply with '/feature'. If this is a question, reply with '/question'. Otherwise please attach logs by following the instructions below; your issue will not be reviewed unless they are added. These logs will help us understand what is going on in your machine.
How to collect WSL logs
Download and execute collect-wsl-logs.ps1 in an administrative PowerShell prompt:

```powershell
Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/WSL/master/diagnostics/collect-wsl-logs.ps1" -OutFile collect-wsl-logs.ps1
Set-ExecutionPolicy Bypass -Scope Process -Force
.\collect-wsl-logs.ps1
```
The script will output the path of the log file once done.
If this is a networking issue, please use collect-networking-logs.ps1, following the instructions here
Once completed please upload the output files to this Github issue.
If you choose to email these logs instead of attaching to the bug, please send them to [email protected] with the number of the github issue in the subject, and in the message a link to your comment in the github issue and reply with '/emailed-logs'.
/question
Diagnostic information
Found '/question', adding tag 'question'
Additional: If I replace host.docker.internal with the host machine's IP address (displayed by running ipconfig.exe in PowerShell), I can successfully connect to the proxy server. But why can't localhost or host.docker.internal work here?
Thanks @XTxxxx for filing the issue and attaching logs.
Communication between the Windows host and the Linux guest only works using 127.0.0.1 or using IP addresses assigned to Windows (which are then mirrored in Linux) -- this requires the hostAddressLoopback setting to be enabled in the wslconfig file.
In this case the host.docker.internal 172.18.0.1 IP I see is assigned to the Linux docker0 interface, so it is an IP exclusive to Linux, not shared between Windows and Linux.
Let us know if you have any questions.
> Thanks @XTxxxx for filing the issue and attaching logs.
> Communication between the Windows host and the Linux guest only works using 127.0.0.1 or using IP addresses assigned to Windows (which are then mirrored in Linux) -- this requires the hostAddressLoopback setting to be enabled in the wslconfig file.
> In this case the host.docker.internal 172.18.0.1 IP I see is assigned to the Linux docker0 interface, so it is an IP exclusive to Linux, not shared between Windows and Linux.
> Let us know if you have any questions.

This is the proper answer that helped me as well.
With the experimental setting enabled, the Windows local network LAN address is exposed in Linux (WSL). This means a Docker container can transmit packets to it. In my tests from the link above posted by @rfay, no packets were received on the Windows side without the setting enabled. With the setting enabled, I can capture packets from the Docker container running on the WSL side.
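
An added example, not part of the issue thread or the WSL project: a POSIX shell check that tells whether the address `host.docker.internal` resolved to lies inside a Docker bridge subnet (Linux-only, like 172.18.0.1 in the curl output above) or is one of the Windows-assigned addresses that mirrored mode exposes. The function names, the subnet list and the address 192.168.1.50 are constructed for illustration.

```shell
#!/bin/sh
# Added example. Inputs at the bottom are constructed sample values.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    echo "$1" | {
        IFS=. read -r a b c d
        echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
    }
}

# in_cidr IP NET/BITS: succeed when IP lies inside the subnet.
in_cidr() {
    net=${2%/*}
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# classify_gateway IP "BRIDGE_SUBNETS" "WINDOWS_ADDRS"
#   linux-only: inside a Docker bridge subnet, so it exists only in Linux
#   mirrored:   an address assigned to Windows and mirrored into WSL
#   unknown:    neither list matches
classify_gateway() {
    target=$1
    for cidr in $2; do
        if in_cidr "$target" "$cidr"; then echo linux-only; return 0; fi
    done
    for addr in $3; do
        if [ "$target" = "$addr" ]; then echo mirrored; return 0; fi
    done
    echo unknown
}

# Constructed inputs. On a real system the subnets could come from
#   docker network inspect -f '{{range .IPAM.Config}}{{.Subnet}} {{end}}' NETWORK
# and the Windows addresses from ipconfig.exe, as the reporter did.
BRIDGE_SUBNETS="172.17.0.0/16 172.18.0.0/16"
WINDOWS_ADDRS="192.168.1.50"   # placeholder LAN address, not from the issue

for candidate in 172.18.0.1 192.168.1.50; do
    printf '%s -> %s\n' "$candidate" \
        "$(classify_gateway "$candidate" "$BRIDGE_SUBNETS" "$WINDOWS_ADDRS")"
done
```

A `linux-only` result for the address curl tried means the connection never leaves the WSL VM, which matches the `Connection refused` in the report.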