I use Docksal to manage all my development environments on a WSL2 distribution using docker. So, to create a new Laravel project I would normally do this:

From there I can access the project using the generated local address from Linux. Docksal uses dnsmasq to resolve these addresses:

$ curl http://helloworld.docksal
<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="utf-8">
        <meta name="viewport" content="width=device-width, initial-scale=1">
...

However, I cannot access that address from Windows. What I've been doing until now is to add an entry in my Windows hosts file to redirect these new address to localhost:

127.0.0.1     helloworld.docksal

But once I added this entry, the site is still not accessible from Windows. I need to run a powershell script that I took from a github issue to create firewall rules, so I can actually access it.

I haven't found a solution for this yet, but what I would love to see is:

1. The local address created in Linux doesn't require me to add a hosts entry in Windows.
2. The firewall rules are automatically updated to allow access.

Installing a custom DNS entry

To solve the first issue I tried to use a custom DNS proxy (Acrylic) to redirect all *.docksal addresses back to localhost, like I'm doing with the hosts file. But when I try to execute the server it fails to start because UDP port is already in use:

2020-02-12 10:29:00.233 [E] TDnsResolver.Execute: TDualUdpServerCommunicationChannel.Bind: Binding to IPv4 address failed with Windows Sockets error code 10048.

What is using port 53 (the standard DNS port)? I used tcpview to find out.

It looks it is svchost. Using the PID and the Process Explorer I found that it was related to a service called Shared Access.

I had walked so far to stop digging now, so I opened the services and looked for ICS (maybe the initials for Internet Connection Sharing in English) and found it was configured to start manually.

I was feeling brave and tried to stop it, but I couldn't do it. It refused to stop with an error dialog that said (in a loose translation): “Windows couldn't stop the service in the local computer”. Nice. I switched the service to Disabled and decided to reboot. Upon reboot, it was enabled again, set to start in “Manual” mode. So no luck so far to enable a custom DNS Proxy.

Enabling the firewall by default

I'm running the script I found in github manually when I can't access the sites in WSL2 (normally after a reboot), and since I don't often reboot I could keep doing it.

I don't know if the script creates security issues, but I if I get tired of running it manually I could configure it to run every time I boot or every hour even.

Update 2021-04-28: It is possible to run the script from WSL2. Since I'musing fish shell, I created the alias winfirewall to run it:

alias --save winfirewall 'powershell.exe start-process PowerShell -verb runas "C:\Users\alinares\firewall_rules.ps1"'

#windows #wsl