WSL enable host mode networking

Enable host mode (mirrored) networking for WSL through the Windows .wslconfig file

WSL Mirrored Networking Mode (Host Mode)

Mirrored networking mode is an advanced WSL 2 networking architecture that mirrors Windows network interfaces into Linux, providing enhanced compatibility and features compared to the default NAT (Network Address Translation) mode.

Overview

System Requirements:

  • Windows 11 22H2 or higher
  • WSL 2 (Windows Build 19041+)
  • WSL version 2.0.0 or higher

Key Benefits:

  • IPv6 Support: Full IPv6 protocol support in WSL distributions
  • VPN Compatibility: Improved connectivity when using VPN solutions
  • Multicast Support: Enables mDNS and other multicast protocols
  • Direct LAN Access: WSL instances can be accessed directly from the local area network
  • Reduced NAT Overhead: Eliminates double NAT scenarios in complex network environments

Architecture Comparison

Default NAT Mode

In NAT mode, WSL creates a virtual network adapter with a separate subnet (typically 172.x.x.x). Windows acts as a NAT gateway, translating network addresses between WSL and the external network. This introduces:

  • Port forwarding requirements for inbound connections
  • IPv4-only communication
  • VPN compatibility issues
  • Additional network latency

Mirrored Mode

Mirrored mode creates a bridge between Windows and WSL network interfaces, allowing:

  • Direct network interface access from Linux
  • Automatic synchronization of network configuration
  • Transparent routing between Windows and WSL
  • Support for advanced networking protocols

Config file location

Path to Configuration file

bash
C:\Users\<user>\.wslconfig

Run in terminal

bash
.wslconfig

Enable host mode networking

bash
[wsl2]
networkingMode=mirrored

Advanced Configuration Options

Complete .wslconfig Example

bash
[wsl2]
# Enable mirrored networking mode
networkingMode=mirrored

# DNS tunneling for improved DNS resolution
dnsTunneling=true

# Firewall integration with Windows Defender
firewall=true

# Memory allocation (in GB)
memory=8GB

# Processor count
processors=4

# Swap size
swap=8GB

# Idle time in milliseconds before the WSL VM is shut down
vmIdleTimeout=60000

[experimental]
# Automatic memory reclaim (requires Windows 11); read from the [experimental] section
autoMemoryReclaim=gradual

Automatic Network Configuration

WSL automatically configures the following Linux kernel network settings in mirrored mode:

| Setting | Value | Purpose |
| --- | --- | --- |
| net.ipv4.accept_local | 1 (Enabled) | Accept locally-destined packets |
| net.ipv4.route_localnet | 1 (Enabled) | Enable routing of local addresses |
| net.ipv4.rp_filter | 0 (Disabled) | Disable reverse path filtering |
| net.ipv6.accept_ra | 0 (Disabled) | Disable router advertisements |
| net.ipv6.autoconf | 0 (Disabled) | Disable IPv6 autoconfiguration |
| net.ipv4.arp_filter | 1 (Enabled) | Enable ARP filtering per interface |

Warning: Manual modification of these settings while using mirrored mode is not supported and may cause network instability.

Port Exclusion Configuration

Some Windows services use specific ports that should not be forwarded to WSL. You can exclude ports using the ignoredPorts setting:

bash
[wsl2]
networkingMode=mirrored

# Exclude ports from being forwarded to WSL
# (ignoredPorts is read from the [experimental] section)
[experimental]
ignoredPorts=135,445,1900,2869,3702,5004,5357,5358

Default Excluded Ports:

  • 68 (UDP): DHCP client
  • 135 (TCP): DCE endpoint resolution
  • 1900 (TCP): UPnP (Universal Plug and Play)
  • 2869 (TCP): SSDP events
  • 3702 (TCP): WS-Discovery
  • 5004 (TCP): RTP (Real-time Transport Protocol)
  • 5357-5358 (TCP): WSD (Web Services for Devices)

Applying Configuration Changes

After modifying .wslconfig, restart WSL to apply changes:

bash
# Shutdown WSL completely
wsl --shutdown

# Verify WSL is stopped
wsl --list --verbose

# Start your distribution
wsl -d Ubuntu

Verification and Troubleshooting

Check WSL Version

bash
# Check WSL version and build
wsl --version

# Expected output:
# WSL version: 2.0.0.0 or higher
# Kernel version: 5.15.x or higher

Verify Network Interfaces

bash
# List network interfaces in WSL
ip addr show

# Check routing table
ip route show

# Test IPv6 connectivity
ping6 google.com

View Network Configuration

bash
# Display current WSL network settings
cat /etc/resolv.conf

# Check DNS resolution
nslookup microsoft.com

# Test multicast DNS (if mDNS is configured)
avahi-browse -a -t

Common Issues and Solutions

Issue: Docker containers fail with published ports

bash
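# Workaround 1: Use host networking
docker run --network host <image>

# Workaround 2: Add ports to ignoredPorts in .wslconfig
# (the lines below are .wslconfig contents, not shell commands;
#  ignoredPorts is read from the [experimental] section)
[wsl2]
networkingMode=mirrored

[experimental]
ignoredPorts=8080,3000,5000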

Issue: VPN incompatibility

Some VPNs are known to be incompatible with mirrored mode:

  • Bitdefender VPN
  • OpenVPN (specific versions)
  • McAfee Safe Connect

Consider using NAT mode with these VPNs or consult vendor documentation for WSL compatibility.

Multicast DNS (mDNS) Configuration

Mirrored mode supports mDNS for resolving .local domains. Configure Avahi for mDNS support:

bash
# Install Avahi daemon (Ubuntu/Debian)
sudo apt update
sudo apt install avahi-daemon libnss-mdns

# Enable and start the service
sudo systemctl enable avahi-daemon
sudo systemctl start avahi-daemon

# Verify mDNS resolution
ping mydevice.local

Configure NSSwitch for mDNS

bash
# Edit /etc/nsswitch.conf
sudo nano /etc/nsswitch.conf

# Ensure this line includes 'mdns4_minimal' or 'mdns':
# hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4

Performance Considerations

Network Latency

Mirrored mode typically reduces network latency by 10-20% compared to NAT mode due to elimination of address translation overhead.

Memory Usage

Mirrored networking may use slightly more memory (~50-100MB) for maintaining network interface mirrors.

CPU Impact

Minimal CPU overhead; network operations are handled directly by the kernel without additional translation layers.

Security Implications

Firewall Integration: When firewall=true is enabled in .wslconfig, WSL integrates with Windows Defender Firewall, applying Windows firewall rules to WSL traffic.

Direct Network Exposure: Unlike NAT mode, mirrored mode exposes WSL services directly to the local network. Ensure proper firewall rules and service hardening.
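The firewall and exposure points above can be checked against the actual config file. The following is an added example, not part of the original page or of WSL itself: a shell function that reads a .wslconfig on stdin and reports whether mirrored mode is combined with firewall=false, and whether ignoredPorts sits in the section WSL reads it from. The function name, the sample file and the message wording are assumptions; key names are matched exactly as spelled on this page.

```shell
#!/bin/sh
# Added example: audit a .wslconfig (read from stdin) for mirrored-mode exposure.

# Constructed sample config, not taken from a real machine.
sample_wslconfig() {
    cat <<'EOF'
[wsl2]
networkingMode=mirrored
firewall=false
ignoredPorts=8080,3000
EOF
}

audit_wslconfig() {
    tr -d '\r' | awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]*\[/ {                              # section header such as [wsl2]
        sec = $0
        sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1)
        val = tolower(substr($0, eq + 1))
        gsub(/[ \t]/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        conf[sec "." key] = val                # e.g. conf["wsl2.firewall"]
    }
    END {
        if (conf["wsl2.networkingMode"] != "mirrored") {
            print "OK networkingMode is not mirrored"
        } else {
            if ("wsl2.firewall" in conf) fw = conf["wsl2.firewall"]; else fw = ""
            if (fw == "false") print "WARN firewall=false: Windows firewall rules are not applied to WSL traffic"
            else if (fw == "") print "INFO firewall is not set explicitly"
            else print "OK firewall=" fw
            if ("wsl2.ignoredPorts" in conf)
                print "WARN ignoredPorts is under [wsl2], expected under [experimental]"
            if ("experimental.ignoredPorts" in conf)
                print "INFO ignoredPorts=" conf["experimental.ignoredPorts"]
        }
    }'
}

sample_wslconfig | audit_wslconfig
```

From inside a distribution with the default drive mount, the real file can be checked with `audit_wslconfig < /mnt/c/Users/<user>/.wslconfig`.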

Recommended Security Practices:

bash
# Check open ports in WSL
sudo ss -tulpn

# Configure UFW (Uncomplicated Firewall)
sudo apt install ufw
sudo ufw enable
sudo ufw allow 22/tcp # SSH
sudo ufw allow 80/tcp # HTTP
sudo ufw allow 443/tcp # HTTPS
sudo ufw status verbose
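To turn the `ss` check above into a review of what mirrored mode actually exposes, the following added example (not from the original page) filters `ss` output down to listeners that are not bound to loopback, since those are the sockets reachable from the local network. The function names and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list sockets that are not bound to a loopback address.

# Constructed sample of `ss -H -tuln` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
udp   UNCONN 0      0      127.0.0.53%lo:53      0.0.0.0:*
tcp   LISTEN 0      244    127.0.0.1:5432        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22            0.0.0.0:*
tcp   LISTEN 0      511    *:8080                *:*
tcp   LISTEN 0      511    192.168.1.50:3000     0.0.0.0:*
tcp   LISTEN 0      128    [::]:22               [::]:*
tcp   LISTEN 0      511    [::1]:6379            [::]:*
EOF
}

# Reads ss output on stdin; prints "proto/port address scope" for every
# listener whose local address is not loopback.
exposed_listeners() {
    awk '
    $1 == "Netid" { next }                  # header line when -H is not used
    NF >= 5 {
        ep = $5                             # local address:port column
        if (!match(ep, /:[^:]*$/)) next     # last colon splits address and port
        addr = substr(ep, 1, RSTART - 1)
        port = substr(ep, RSTART + 1)
        sub(/%.*$/, "", addr)               # drop interface suffix such as %lo
        sub(/^\[/, "", addr)                # drop IPv6 brackets
        sub(/\]$/, "", addr)
        if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
        if (addr == "0.0.0.0" || addr == "::" || addr == "*")
            scope = "all-interfaces"
        else
            scope = "single-address"
        print $1 "/" port, addr, scope
    }'
}

sample_ss_output | exposed_listeners
```

On a live system, run `ss -H -tuln | exposed_listeners` and compare the result with the ports you intend to allow through UFW and the Windows firewall.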

Best Practices

  1. Always test after enabling: Verify network connectivity and application functionality
  2. Document port requirements: Keep track of ports used by your services
  3. Monitor system logs: Check for network-related errors
  4. Use DNS tunneling: Enable dnsTunneling=true for improved DNS resolution
  5. Regular updates: Keep WSL updated with wsl --update
