microsoft / WSL

Issues found on WSL
https://docs.microsoft.com/windows/wsl

xdebug from WSL2 to Windows blocked by Windows Defender #11139

Open sboden opened 5 months ago

sboden commented 5 months ago

Windows Version

Microsoft Windows [Version 10.0.19045.3930]

WSL Version

0.0.0.0

Are you using WSL 1 or WSL 2?

Kernel Version

5.10.102.1

Distro Version

Ubuntu-20.04

Other Software

Windows Defender

Repro Steps

I'm trying to debug PHP using xdebug where PhpStorm is running on Windows and my web application is running on WSL2.

When I disable the WSL interface for Windows Defender by running the following command on Windows in an elevated cmd:

powershell -Command "Set-NetFirewallProfile -Profile Public -DisabledInterfaceAliases 'vEthernet (WSL)'"

I can do from within WSL2:

telnet 172.23.208.1 9003

And this gets me connected to PhpStorm. Port 9003 is the port I use for PhpStorm xdebugging, and 172.23.208.1 is the IP address of the vEthernet (WSL) from ipconfig /all on Windows. Extract like this:

Ethernet adapter vEthernet (WSL):

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter
   IPv4 Address. . . . . . . . . . . : 172.23.208.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.240.0

This way xdebug works, but when I open Windows Security there's a warning (and button) under Firewall stating "Restore Settings", and apparently that also flags somewhere on a company security board.

When I "Restore settings" and try the same telnet 172.23.208.1 9003 from within WSL2, the command hangs and does not connect to PhpStorm.

So I tried to open the 9003 port with a firewall rule keeping the WSL interface enabled... For the moment I tried from an elevated powershell:

New-NetFirewallRule -DisplayName "Test 9003" -InterfaceAlias "vEthernet (WSL)" -Direction Inbound -Protocol TCP -LocalPort 9003 -Action Allow

and

New-NetFirewallRule -DisplayName "WSL Inbound" -Direction Inbound   -InterfaceAlias "vEthernet (WSL)"  -Action Allow

I also tried making a firewall rule for the PhpStorm application using the advanced settings of Windows Defender. I have no "block" rules.

But all fail to give the same result as disabling the WSL interface.

Expected Behavior

A way to debug a web application from WSL2 to Windows PhpStorm on port 9003 without triggering a Windows Security alert. A way to poke a hole in the firewall that works.

Actual Behavior

Keeping the WSL interface enabled in Windows Defender with firewall rules to allow port 9003 does not work. Or I don't find the proper command to make it work.

Diagnostic Logs

No response

github-actions[bot] commented 5 months ago

Hi I'm an AI powered bot that finds similar issues based off the issue title.

Please view the issues below to see if they solve your problem, and if the issue describes your problem please consider closing this one and thumbs upping the other issue to help us prioritize it. Thank you!

Open similar issues:

Closed similar issues:

Note: You can give me feedback by thumbs upping or thumbs downing this comment.

chanpreetdhanjal commented 4 months ago

Hi. Can you please collect networking logs by following the instructions below? https://github.com/microsoft/WSL/blob/master/CONTRIBUTING.md#collect-wsl-logs-for-networking-issues

sboden commented 4 months ago

Not_working_WslNetworkingLogs-2024-02-15_16-51-04.zip Working_WslNetworkingLogs-2024-02-15_16-49-14.zip

The "Not_working" is after I pressed "Restore settings" in Windows Security, so all firewall interfaces are up and I don't get a connection. The "Working" is when I disabled the WSL interface in Defender, and I do get a connection.

In both instances I did a "telnet 172.25.96.1 9003" from within WSL2. PhpStorm is listening on port 9003 on the Windows side.
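
Added example, not part of the issue thread or the WSL project: a Python check, run inside the WSL2 distro, that stands in for the hand-typed telnet test and reports whether port 9003 is open, refused, or silently dropped (the "hangs" case). It assumes WSL2's default NAT networking, where the Windows host's vEthernet (WSL) address is the distro's default gateway (the address differs between the posts above); the route table in the code is constructed sample data.

```python
import socket
import struct

# Constructed sample of /proc/net/route inside a WSL2 distro (NAT mode); not from the issue.
SAMPLE_ROUTE_TABLE = (
    "Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT\n"
    "eth0\t00000000\t01D017AC\t0003\t0\t0\t0\t00000000\t0\t0\t0\n"
    "eth0\t00D017AC\t00000000\t0001\t0\t0\t0\t00F0FFFF\t0\t0\t0\n"
)

RTF_GATEWAY = 0x2  # route flag: traffic goes via a gateway


def default_gateway(route_table: str):
    """Return the IPv4 default gateway from /proc/net/route text, or None."""
    for line in route_table.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 8:
            continue
        dest, gateway, flags, mask = fields[1], fields[2], int(fields[3], 16), fields[7]
        if dest == "00000000" and mask == "00000000" and flags & RTF_GATEWAY:
            # The kernel prints addresses as little-endian hex words.
            return socket.inet_ntoa(struct.pack("<I", int(gateway, 16)))
    return None


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Classify one TCP connect attempt as open, refused, filtered or unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: a listener is reachable
    except ConnectionRefusedError:
        return "refused"           # host answered with RST: nothing listening on the port
    except (socket.timeout, TimeoutError):
        return "filtered"          # no answer at all: consistent with a firewall drop
    except OSError:
        return "unreachable"       # routing or interface problem before any answer


if __name__ == "__main__":
    with open("/proc/net/route") as fh:
        host = default_gateway(fh.read())
    # 9003 is the xdebug port used in the issue.
    print(host, probe(host, 9003) if host else "no default route")
```

A "filtered" result with PhpStorm listening points at the Windows firewall dropping the connection, while "refused" means the packet reached Windows but nothing accepted it on that port.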