
WSL2 access to LAN via Windows IP


I run a Linux application from within WSL2 on Windows 11. Actually, the application is a Docker container that uses the --network=host switch. My application requires a network connection to a license server in the corporate network that is located behind a firewall that allows connections only from certain IP addresses. Unfortunately, WSL2 is implemented such that it uses a specific network adapter (Ethernet adapter vEthernet (WSL)) and a somewhat randomized IP address, e.g. 172.22.240.1, and it uses this address to access my company network. These connections are blocked by the firewall. This does not work when connected directly in the company nor when connected via VPN.

Is there a way to tell Windows, all traffic from the WSL2 should be kind-of masked (NAT?) via the "ordinary" network interface so that it uses the same IP address as the host pc?

I have searched for this issue but only found answers for the other direction (accessing a webserver for example from LAN in the WSL2).

WSL1 solves it differently, but I need WSL2 as this is a GUI application which is only supported in WSL2. Hence, I would like to stay with WSL2.


Solution

  • WSL1 solves it differently, but I need WSL2 as this is a GUI application which is only supported in WSL2. Hence, I would like to stay with WSL2.

    Right. Most people end up opting for the WSL1 route, but since you require WSL2, you may not have that luxury. Although, before we give up on that totally, consider that WSL1 can still run GUI applications; you just have to set up an X server in Windows in order to host them. See this Super User answer for details on that. I've used VcXsrv myself, but others should be fine as well.

    As for WSL2 options, my personal preference would be to:

    • Set up the Windows OpenSSH server on your system.

    • Create a tunnel like:

      ssh -L <license_server_port>:<license_server_host_or_IP>:<license_server_port> \
          <windows_username>@$(hostname).local
      

    With that in place, your application running in WSL2 should connect to localhost:<port>. Because the SSH client is connected to the Windows host, the license server will see any requests as coming from the Windows host, which should allow it through the firewall.

    Based on the fact that you are posting on Stack Overflow, I'm assuming this is an application that you are developing, and you can modify it to change the license server to localhost:<port>. However, if you can't make that change, you should still be able to set up an entry in /etc/hosts that would map the license server hostname to 127.0.0.1.

    However, there's another possibility:

    Is there a way to tell Windows, all traffic from the WSL2 should be kind-of masked (NAT?) via the "ordinary" network interface so that it uses the same IP address as the host pc?

    Well, sort of, maybe -- You might try running WSL2's network switch in bridge-mode, which should make the traffic appear as if it is from the same network adapter as the Windows host.

    Caveats -- This feature was only mentioned one time, AFAIK, in a comment by the Microsoft WSL Product Manager as an "experimental" feature about 18 months ago. After that (again, AFAICT), it was never mentioned again, even in the release notes as WSL hit the 1.0.0 milestone.

    But with that in mind, here's a blog post that details how to get it running. I have suggested it multiple times in other answers, and I've never heard of anyone trying it. Most settle for WSL1, and the rest go with a port forwarding solution. So if you do happen to try it, I'd love to hear from you if it worked. I'd even recommend that, if you do use it and it works, you write up your experience (and the details of how you got it working) as a separate answer.
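
The tunnel and /etc/hosts steps from the answer above, as an added example that is not part of the original answer: it validates the inputs, then builds the forward with a loopback-only listener so nothing outside the WSL2 VM can reuse the Windows host's firewall allowance. The function names and the sample host, port and user are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original answer. Function names and the sample
# values in the usage line are assumptions made for illustration.
# usage: ./tunnel.sh start license.example.internal 27000 alice

# TCP port: digits only, no leading zero, at most 65535.
valid_port() {
  case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Hostname or IPv4 literal; a leading "-" is refused so the value can never
# be parsed by ssh as an option.
valid_host() {
  case "$1" in ''|-*|*[!A-Za-z0-9.-]*) return 1 ;; esac
}

# Print (do not run) the ssh command for the forward.
# args: <license_host> <port> <windows_user> [windows_host]
tunnel_cmd() {
  local target="$1" port="$2" user="$3" winhost="${4:-$(hostname).local}"
  valid_host "$target" && valid_host "$winhost" && valid_port "$port" ||
    { echo "invalid host or port" >&2; return 1; }
  # Assumes a simple local account name (no spaces, no DOMAIN\user form).
  case "$user" in ''|-*|*[!A-Za-z0-9._-]*) echo "invalid user" >&2; return 1 ;; esac
  # 127.0.0.1 bind: only processes inside the WSL2 VM (including
  # --network=host containers) can reach the listener.
  # ExitOnForwardFailure: ssh exits instead of running without the forward.
  printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -L 127.0.0.1:%s:%s:%s %s@%s\n' \
    "$port" "$target" "$port" "$user" "$winhost"
}

# Print the /etc/hosts line for an application whose license server name
# cannot be changed. The forward target is resolved by the Windows sshd, so
# this mapping does not loop the tunnel back on itself. WSL rewrites
# /etc/hosts on start unless /etc/wsl.conf has [network] generateHosts = false.
hosts_entry() {
  valid_host "$1" || { echo "invalid host" >&2; return 1; }
  case "$1" in
    *[!0-9.]*) printf '127.0.0.1 %s\n' "$1" ;;
    *) echo "IP literal: /etc/hosts cannot remap it, use localhost:<port>" >&2; return 1 ;;
  esac
}

if [ "${1:-}" = "start" ]; then
  shift
  cmd=$(tunnel_cmd "$@") || exit 1
  echo "running: $cmd"
  exec $cmd   # word splitting is safe: every field was validated above
fi
```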