SSH reverse tunnel If you do need to use WSL2, here's an option that doesn't require port forwarding or any advanced firewall rules that need to be updated each time WSL restarts. The problem with those rules is that the IP address for WSL changes every time you restart, meaning those rules have to be deleted and recreated constantly.
On the other hand, we can use SSH within WSL2 to connect to Windows, where the name, and perhaps even the IP address, is constant.
One-time setup: Enable SSH
There's some one-time setup for this, but it's useful regardless:
First, install/enable Windows OpenSSH server. This is a feature that is built-in to Windows and just needs to be enabled. You'll find the full instructions here, but it's typically just a matter of (from an Admin PowerShell):
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Start-Service sshd
Set-Service -Name sshd -StartupType 'Automatic'
if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {
Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
} else {
Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
}
Edit your C:\ProgramData\ssh\sshd_config
and set GatewayPorts yes
. This is what allows us to use SSH as a gateway from other devices on the network.
Finally, of course, you'll need a firewall rule in Windows allowing the HTTP(s) (or other) port you'll be using. Example (from Admin PowerShell):
New-NetFirewallRule -DisplayName "WSL Python 8000" -LocalPort 8000 -Action Allow -Protocol TCP
And restart the OpenSSH Server service:
Restart-Service sshd
Create the tunnel
With that in place, it's a simple matter to create the tunnel we need:
ssh -R 8000:localhost:8000 NotTheDr01ds@$(hostname).local
Replacing, of course, NotTheDr01ds
with your own Windows username, if it differs from the WSL username
That's going to use your Windows username and password since SSH is running on the Windows side.
Once you have ensured that it works, two other recommendations: