WSL2 cannot connect to localhost when the service is running on Windows

[bingzhangdai]

Please fill out the below information:

• Your Windows build number: (Type ver at a Windows Command Prompt) Microsoft Windows [Version 10.0.19041.264]

• What you're doing and what's happening: (Copy&paste the full set of specific command-line steps necessary to reproduce the behavior, and their output. Include screenshots if that helps demonstrate the problem.) I am using an HTTP proxy (ShadowSocks) on windows which is listening on localhost port 1080. Then, I want the command in WSL2 to go through that proxy.

• What's wrong / what should be happening instead: curl: (7) Failed to connect to 127.0.0.1 port 1080: Connection refused

• Strace of the failing command, if applicable: (If some_command is failing, then run strace -o some_command.strace -f some_command some_args, and link the contents of some_command.strace in a gist here).

• For WSL launch issues, please collect detailed logs.

In WSL1, all things are fine. In WSL2 I could connect to the HTTP proxy through my Windows IP. I believe it is caused by WSL2 running in a separate VM.

[bingzhangdai]

To simplify the issue, I will show the telnet result, 172.21.80.1 is the Windows IP on WSL switch.

[nunix]

hi, the issue here is that while Windows can see the localhost ports of WSL, the inverse in not true by default. The ports forwarding are from WSL to Windows. If you do a netstat -an | grep 1080 on WSL, it should return nothing. However, when you pass it trough the Gateway (WSL switch), it will reach it.

Going forward, you can create a tunnel from Windows to WSL if you need/want to use localhost in your proxy (see: netsh interface portproxy command)

Hope this helps. WSL Corsair

[bplasmeijer]

See also #5131 @nunix do you see this as default behavior with the portproxy on WSL?

[bingzhangdai]

Thanks for the reply. I notice that many related issues are all about the network between the two systems. I can create a tunnel or proxy for this. But may I know if the WSL team has a specific plan or eta for the network improvement? Thanks.

[nunix]

let's wait for Build (and here I really am like you, I'm waiting on news) and see if something will done. @bplasmeijer I remember the SSH, actually right now, netsh is what I use for many of my demos.

still, I do agree with you that the "reverse forwarding" from Windows to WSL2 would be a great improvement

[bplasmeijer]

let's wait for Build (and here I really am like you, I'm waiting on news) and see if something will done. @bplasmeijer I remember the SSH, actually right now, netsh is what I use for many of my demos.

still, I do agree with you that the "reverse forwarding" from Windows to WSL2 would be a great improvement

cc: @craigloewen-msft @benhillis @sirredbeard

[gencer]

hi, the issue here is that while Windows can see the localhost ports of WSL, the inverse in not true by default. The ports forwarding are from WSL to Windows. If you do a netstat -an | grep 1080 on WSL, it should return nothing. However, when you pass it trough the Gateway (WSL switch), it will reach it.

Going forward, you can create a tunnel from Windows to WSL if you need/want to use localhost in your proxy (see: netsh interface portproxy command)

Hope this helps. WSL Corsair

@nunix can you give us an example? For example; I am trying to access 10134 port from WSL. 10134 port is on Windows assigned by Logitech Options application. I would like to access this port from inside WSL.

Is it possible to do with the portproxy? Currently my WSL IP is: 172.27.80.1

[eromoe]

same problem , we need to use proxy on windows localhost

[fatichar]

In my case, I am unable to connect to a service running on windows on ANY IP. Always the response is:

~/tcc/network-info$ telnet  172.17.0.1 5432
Trying 172.17.0.1...
telnet: Unable to connect to remote host: Connection refused

[eromoe]

@fatichar turn off your firewall , it cost me serveral hours to get it out . This is difinitely another big problem

[bingzhangdai]

Actually, what I am looking for is something even more about proxy between WSL2 and Windows. I am expecting similar experiences like WSL1, where WSL and Windows are using the same address (at least users should not be bothered if services on WSL and Windows are listening on different addresses) and follow the same firewall rules.

If the network is not unified, why not use VM directly and using Samba to share the filesystem? WSL1 provide grate convenience compared with VM. 🤔

Am I too greedy? 😂

[nunix]

hi, the issue here is that while Windows can see the localhost ports of WSL, the inverse in not true by default. The ports forwarding are from WSL to Windows. If you do a netstat -an | grep 1080 on WSL, it should return nothing. However, when you pass it trough the Gateway (WSL switch), it will reach it. Going forward, you can create a tunnel from Windows to WSL if you need/want to use localhost in your proxy (see: netsh interface portproxy command) Hope this helps. WSL Corsair

@nunix can you give us an example? For example; I am trying to access 10134 port from WSL. 10134 port is on Windows assigned by Logitech Options application. I would like to access this port from inside WSL.

Is it possible to do with the portproxy? Currently my WSL IP is: 172.27.80.1

hi @gencer I would suppose it's possible indeed, but on powershell if you do a netstat -an, on which interface is port 10134 mapped? if it's localhost, then WSL2 cannot reach it indeed, if it's bound to 0.0.0.0 then from WSL2 distro, try connecting to the :10134

Let me know the output of netstat and I will provide you the command

[gencer]

@nunix, Unfortunately it binds on localhost as follow:

  TCP    127.0.0.1:10134        0.0.0.0:0              LISTENING
  TCP    127.0.0.1:10134        127.0.0.1:50456        ESTABLISHED
  TCP    127.0.0.1:10134        127.0.0.1:50833        ESTABLISHED
  TCP    127.0.0.1:10134        127.0.0.1:56123        ESTABLISHED
  ... and vice-versa
  TCP    127.0.0.1:56123        127.0.0.1:10134        ESTABLISHED
  TCP    127.0.0.1:50456        127.0.0.1:10134        ESTABLISHED

However, we make it work on SSH/WSL by making vscode extension runing on UI side. This makes us to access localhost port and data.

[djfos]

you can access Windows port from WSL2 using your local IP like 192.168.31.66 instead of localhost, though is not elegant

[toryano0820]

I also have experienced this issue when accessing my Windows' Redis instance from my project running in WSL2. End up mapping Nameserver to localhost in /etc/hosts.

You can find Nameserver from /etc/resolv.conf, it looks like: nameserver 172.18.144.1 Then you can add line in /etc/hosts like: 172.18.144.1 localhost

Created a shell script to make life simpler: https://gist.github.com/toryano0820/6ee3bff2474cdf13e70d972da710996a

Not sure yet if there's a downside with this method. But it works!

[bsplosion]

This is a complete duplicate of #4619, and all details there are applicable here. For those not wanting to scroll through everything there, there doesn't seem to be any indication that WSL2 will go back to handling networking in a similar manner to WSL1. Your two options are 1: Put together some hacks and maybe it'll work, or 2: Revert to WSL1 and hope WSL2 maybe someday changes its approach back to that of WSL1.

[itsakt]

I was having similar issues. For me it's a hit or miss scenario. Sometimes it works sometimes it doesn't. I started webpack dev server (0.0.0.0:500) and accessed it through 127.0.0.1:500, usually browser will wait for bundles to load but today it loaded html page then just disconnected. Reloading no longer loads the page.

I had to disable my vpn before starting local server. After that turning on VPN seems to have no impact on server. I tried shutting down wsl instance (VPN still connected) and starting it again and everything seems to work fine. 🤔

[hasan-hasanov]

I can confirm that I can connect to the WSL2's localhost using VPN but are unable to do so when I am disconnected.

[troll-os]

I personally ended up running containers with the WSL2 integration for services that can run on Docker (Mongo for example)

[medmin]

This is so frustrating

[pgwilliams]

When I upgraded my distro I started having all sorts of DNS problems (even with McAfee firewall turned off) and then today hit this issue of not being able to connect to a port of a process running in Windows from my Ubuntu command line.

I've reverted the distro to WSL 1: wsl.exe --set-version Ubuntu 1 and things seem to be back to normal now.

[DachuanZhao]

@fatichar turn off your firewall , it cost me serveral hours to get it out . This is difinitely another big problem

It works . But I want to know why . I have added advanced rule in windows firewall , but it doesn't work .

[jorgeorpinel]

So you can't run SSH or any daemons (https://github.com/microsoft/WSL/issues/994#issuecomment-242918148) and you can't connect to servers run as Windows services (e.g. #3173). 😢

[spyro2000]

This is just a nightmare when doing software development. Was expecting to work this just out of the box after all those years. Can't believe it doesn't. Non-Windows-Users laughing at me. Again. Great job.

[MarcLongJoyride]

How is this still not resolved after all these people complaining of this issue for over a year? This is such a problem, my Linux coworkers keep telling me to drop WSL and just dual boot.

[bingzhangdai]

I switched to WSL1. WSL1 even performs better under Windows file system. If you choose to use Linux, you still cannot visit Windows ports through localhost.

[chupzzz]

May 2021 - we're still here! Unexpected behavior of WSL2 networking after each restart of my PC. Everytime I have NEW network issues.

That's terrible to pretend WSL2 is stable and recommend it as default! Without stable networking all the fancy features of WSL2 is totally useless!!! Microsoft, please put efforts on this. First things - first!

[samliddicott]

I finally got a custom wsl2 kernel with NBD support only to find out I can't connect to the NBD server running under windows.

(I'm trying to mount my ext4 partition in wsl2)

[danivalls]

Hey! I was having the same issue and I finally fixed it.

wsl --shutdown on the PowerShell worked for me like a charm! (Make sure to have closed all your wsl terminals first)

Hope it helps!

[innovaweb-dev]

Hey! J'avais le même problème et je l'ai finalement résolu.

wsl --shutdownsur le PowerShell a fonctionné pour moi comme un charme ! (Assurez-vous d'avoir fermé tous vos terminaux wsl au préalable)

J'espère que cela aide!

That works, but you need a shutdown/restart WSL2 after each launching Windows ? Someone knows why ?

[J4CKVVH173]

Microsoft never changes

[MarcLongoria]

What's bizarre is that my desktop does not have this issue but my laptop has this issue at least once a week.

It's incredibly frustrating to get everything setup and run npm start just to realize you have to shut the entire wsl environment down and start all over again.

[samwightt]

Is there a reason why this hasn't received more attention? This is really, really annoying.

[2pl]

This behavior is insane and has one killer side effect: random and unpredictable service ports conflicts.

Let's assume you have a windows process listening on 127.0.0.1 and for example port 9000

Port is visible from Windows

❯❯❯ NETSTAT.EXE -an | grep LISTEN | grep 9000
  TCP    0.0.0.0:9000           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:9000         0.0.0.0:0              LISTENING
❯❯❯

but from WSL2 you are NOT seeing it:

❯❯❯ netstat -an | grep LISTEN | grep 9000
❯❯❯

Because you are not seeing it, then a wsl2 process can legitimately open the same port for listen, thinking that no other process is using it, like for example (note the absence of reuseaddr and reuseport)

❯❯❯ socat TCP4-LISTEN:9000,bind=127.0.0.1,fork exec:'/usr/bin/echo'

But this is now visible from both WSL2 and windows ! Two listeners on 127.0.0.1:9000

❯❯❯ NETSTAT.EXE -an | grep LISTEN | grep 9000
  TCP    0.0.0.0:9000           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:9000         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:9000         0.0.0.0:0              LISTENING
❯❯❯

And the WSL2 port can be randomly hit instead of the Windows one causing unpredictable behavior.

From my experience the Windows port seems to be 'winning' most of the time, but if the port is under heavy use it sometimes happen that the connection is accepted by the WSL2 listener.

[bingzhangdai]

From my experience the Windows port seems to be 'winning' most of the time, but if the port is under heavy use it sometimes happen that the connection is accepted by the WSL2 listener.

Exactly. Even Windows is not listening on port 9000, connecting to port 9000 on Windows will not always hit port 9000 in WSL2. It sometimes says connection refused. This situation happens where sshd is running in WSL2, and I want to ssh localhost in Windows.

[AlexZablotsky450501]

I also saw similar behavior. We are running Docker Desktop with WSL2 feature enabled. We created a container with 443 port exposed. And for some reason after 2 days of stable work the port become inaccessible. One more strange thing for me is that this port is inaccessible when I try to reach it from another host from the same network (https://host) or even from the same host via its IP (https://192.168.x.x), but it is accessible when I using localhost (https://localhost). Does anyone has any ideas what is happening?)

[bingzhangdai]

@AlexZablotsky450501 Probably, when Windows is forwarding the listening port from WSL2 to Windows, the listening address is changed to localhost.

Run this command in WSL2: socat TCP4-LISTEN:2333,bind=0.0.0.0,fork exec:'/usr/bin/echo'. Then, I opened another terminal and run lsof -i | awk "NR==1 || /LISTEN/", I get,

COMMAND PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
socat   277 david    5u  IPv4  17568      0t0  TCP *:2333 (LISTEN)

It looks fine. But running NETSTAT.EXE -an | awk "NR==4 || /2333.*LISTEN/", I get

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:2333         0.0.0.0:0              LISTENING

It seems that on Windows, it is listening on localhost:2333 not 0.0.0.0:2333. This is why you cannot connect from another host. I also double checked that it indeed cannot be connected from another host.

[PengyuApp]

It happens randomly. Usually wsl --shutdown and restart fix the issue. Very annoying, hope there can be a patch for this issue.

[thomas-lm]

It may be useful for you : I had the same issue when i use VPN on windows to connect to Postgresql (port 5432) server using podman in wsl2/ubuntu. This issue not append with VPN turned off.

It failed on localhost or local ip connection. BUT running NETSTAT.EXE -an | grep LISTEN | grep 5432 show me that listening port is on ::1 (ipv6) and not 127.0.0.1. Then this issue not append anymore when i used ::1 instead of localhost

[Nayrito]

Es muy molesto , pero al reiniciar wsl2 nuevamente puedo acceder a localhost : https://snippets.khromov.se/how-to-restart-wsl2-windows-subsystem-linux-on-windows-10/

[lcaparros]

I have checked I have exactly the same issue when connecting through the VPN. I have tried restarting wsl2 and changing the IP address to ::1 as commented above, but nothing works. I will write back if I find a solution.

[samon11]

Workaround for those looking to just run a bash command against your service such as curl you can access localhost through git bash

[RaymondFallon]

FYI for folks following this thread: after the latest Windows update, this was no longer broken for me. I don't see this issue mentioned anywhere in the update notes, but it may be worth your time to see if this is now fixed for you, as well.

[jhgorse]

Can confirm that WSL2 does NOT connect to Windows 10 services via 'localhost' hostname or IP addresses for the following version:

Microsoft Windows [Version 10.0.19042.1237]
(c) Microsoft Corporation. All rights reserved.

C:\Users\Joe Gorse>ver

Microsoft Windows [Version 10.0.19042.1237]

I can confirm that migrating to WSL1 resolves the issue entirely. For a comparison of features, see https://docs.microsoft.com/en-us/windows/wsl/compare-versions

Notably, WSL1 outperforms WSL2 for Windows File access performance. While WSL2 has the "full Linux kernel", it lacks serial device support that works for WSL1. See the link for full details.

The conversion command where "Ubuntu-20.04" may be any from the list wsl.exe -l -v:

wsl.exe --set-version Ubuntu-20.04 1

Cheers, Joe

[300LiterPropofol]

None of the above solutions work for me. wsl --shutdown or change localhost in wsl to IP address or close firewall or add windows defender firewall inbound rule. My service is running on TCP 127.0.0.1:3000 0.0.0.0:0 LISTENING after doing netstat -an in powershell. Don't know how to fix this still.

[klt14]

@300LiterPropofol Me too!. After upgrading to win11, I found that WSL2 cannot connect to windows proxy even after using windows ip and closing firewall. Maybe a new bug of win11? Waiting for the fix.

[WintonLi]

Inspired by the above solutions, I managed to make it work, though not perfectly.

Problem: My WSL2 cannot connect to the Socks 5 server running at 127.0.0.1:10809 on my Windows 10 host.

Solution:

1. Change the socks 5 server setting - instead of listening to 127.0.0.1:10809, change it to listen to 0.0.0.0:10809
2. Open Windows 10 firewall settings, and add an inbound rule that allows access to port 10809.
3. Find out the WSL2 gateway address (for me it is 172.28.0.1)
4. Now WSL2 can access the service using 172.28.0.1:10809

Note: none of the wsl --shutdown and netsh interface add tricks worked for me.

[hfingler]

None of the tricks shown here worked for me and I can't switch the listening IP since it's not my code. Rolling back to WSL1 worked, though. I just followed @jhgorse 's comment and ran on a powershell:

wsl.exe --set-version Ubuntu-20.04 1

[cip8]

This happens very often on my end too (Windows 11 w/ WSL2). Running wsl --shutdown helps, but only for 15 minutes, until I get a new ERR_CONNECTION_REFUSED for localhost.

Any fix yet, other than reverting to WSL1?

[YuraNick]

My laptop has ip 192.168.0.6 in local net. And access the internet from a wsl2. So, I can use ip 192.168.0.6 as an external ip address for a laptop on my LAN. I have web server on 8080 port. And into wsl2 I can run: curl http://192.168.0.6:8080 It works!

Difficulties:

• I have to to open port (8080 for example and other used) in Windows 10. This reduces security.
• I have to have a static ip for my laptop on the network or I have to change the dynamic ip and keep this in mind.

Connect from wsl2 to VirtualBox use ssh may be with port mapping use in VirtualBox. For example port mapping tcp 192.168.100.6:2222 to 22. Do not forget open 2222 port on Windows. Then in wsl2 run: ssh <user>@192.168.0.6 -p 2222

Inconvenient but it works! I would like a simple solution to appear.