WSL2 with hostAddressLoopback - docker-ce bridge network unreachable from Windows

[robmry]

Windows Version

Microsoft Windows [Version 10.0.22631.3737]

WSL Version

2.0.14.0

Are you using WSL 1 or WSL 2?

• WSL 2
• WSL 1

Kernel Version

5.15.133.1-1

Distro Version

Ubuntu 24.04

Other Software

Docker CE 27.0.3

Repro Steps

• In .wslconfig...

[experimental]
hostAddressLoopback=true

• Install docker-ce in the WSL2 instance.
• As described in "Expected Behaviour" below:
  • Create a bridge network, and a container with ports mapped from the host address (which is shared with Windows).
  • In Windows, try to connect to that service via the host address.

Expected Behavior

Re-raising moby/moby#48136 here as requested - @CatalinFetoiu.

Reported by @dannyhpy in moby/moby#48075 (comment) ...

This PR fixes the issue listed in #10494 for the loopback interface only, sadly. Running docker run -ti --rm -p 192.168.1.100:8080:80 traefik/whoami and opening http://192.168.1.100:8080/ in the browser on the host machine still fails with a ERR_CONNECTION_TIMED_OUT. On other hosts in the LAN, though, this works.

The hostAddressLoopback option is set to true in my %USERPROFILE%.wslconfig file as noted in https://learn.microsoft.com/en-us/windows/wsl/wsl-config and running another program such as python -m http.server works and is reachable from the Windows host at http://192.168.1.100:8000/

Actual Behavior

Packets arrive on the WSL2 guest's ethN interface, with the shared host address as the source. So, everything looks normal. They're DNAT'd, arrive at the container, and get a response addressed to the shared host address (192.168.1.100 in the example). But, the response packets don't get back to the WSL2 ethN interface.

That's because the dest MAC address in response packets belongs to the docker network's bridge (the container's default gateway). The WSL2 guest has that IP address itself, on its own ethN, it doesn't know anything about the Windows version of that address. So, packets are delivered locally rather than sent back to ethN - then dropped because nothing in the Linux guest is listening on that dest port.

Diagnostic Logs

No response

[github-actions]

Logs are required for review from WSL team

If this a feature request, please reply with '/feature'. If this is a question, reply with '/question'.
Otherwise please attach logs by following the instructions below, your issue will not be reviewed unless they are added. These logs will help us understand what is going on in your machine.

How to collect WSL logs

Download and execute collect-wsl-logs.ps1 in an administrative powershell prompt:

Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/WSL/master/diagnostics/collect-wsl-logs.ps1" -OutFile collect-wsl-logs.ps1
Set-ExecutionPolicy Bypass -Scope Process -Force
.\collect-wsl-logs.ps1

The scipt will output the path of the log file once done.

Once completed please upload the output files to this Github issue.

Click here for more info on logging
If you choose to email these logs instead of attaching to the bug, please send them to [email protected] with the number of the github issue in the subject, and in the message a link to your comment in the github issue and reply with '/emailed-logs'.

View similar issues

Please view the issues below to see if they solve your problem, and if the issue describes your problem please consider closing this one and thumbs upping the other issue to help us prioritize it!

Open similar issues:

• Cannot connect WSL2 vEth interfaces in Mirrored mode even hostAddressLoopback is true. (#10731), similarity score: 0.77

Closed similar issues:

• [WSL2] Cannot access windows service running on host from a container using host.docker.internal (#6364), similarity score: 0.76
• WSL 2.0.6 mirrored network - can not connect to Docker container ports from Windows host (#10683), similarity score: 0.75
• Unable to use macvlan on Ubuntu created with WSL2 (#11615), similarity score: 0.74
• Can't reach Host<->WSL but normal LAN & Internet access (#7240), similarity score: 0.74

Note: You can give me feedback by thumbs upping or thumbs downing this comment.

[benhillis]

Fixed with https://github.com/microsoft/WSL/releases/tag/2.3.11.