Last active
September 27, 2024 13:53
network-mirrored.service.2.3.11
[Unit]
Wants=network-pre.target
Before=network-pre.target shutdown.target
[Service]
User=root
ExecStart=/bin/sh -ec '\
[ -x /usr/bin/wslinfo ] && [ "$(/usr/bin/wslinfo --networking-mode)" = "mirrored" ] || exit 0;\
echo 1 > /proc/sys/net/ipv4/conf/all/route_localnet;\
nft add rule ip nat WSLPOSTROUTING "iif \"loopback0\" ip saddr 127.0.0.0/8 ip daddr != 127.0.0.0/8 counter masquerade comment mirrored"\
'
ExecStop=/bin/sh -ec '\
[ -x /usr/bin/wslinfo ] && [ "$(/usr/bin/wslinfo --networking-mode)" = "mirrored" ] || exit 0;\
echo 0 > /proc/sys/net/ipv4/conf/all/route_localnet;\
for chain in "ip nat WSLPOSTROUTING";\
do\
handle=$(nft -a list chain $chain | sed -En "s/^.*comment \\"mirrored\\" # handle ([0-9]+)$/\\1/p");\
for n in $handle; do echo "delete rule $chain handle $n"; done;\
done|nft -f -\
'
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
This script is no longer needed.
Please use Docker 27.3.0 or later.
For WSL 2.3.11 and later.
This service solves the issue of not being able to reach Docker containers via 127.0.0.1 from a Windows host.
Unlike the old one, it does not use userland-proxy, but uses iptables (nftables). (This is possible from WSL 2.3.11 onwards.)
In addition, communication is possible from 127.0.0.0/8 <--> 127.0.0.0/8, but some missing routes have been added. Removed in revision 4.
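The handle extraction that ExecStop performs, written as a plain shell script outside systemd's escaping, as an added example that is not part of the gist. It reports whether `route_localnet` is still enabled and which rules tagged `mirrored` remain, which is the state to check once the service is retired; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the gist). Audits for state left behind by
# network-mirrored.service, using the same "mirrored" comment marker.

# Print "delete rule ..." lines for every rule tagged comment "mirrored"
# in an `nft -a list chain` listing read from stdin. $1 is the chain spec.
mirrored_delete_cmds() {
    sed -En 's/^.*comment "mirrored" # handle ([0-9]+)$/\1/p' |
    while read -r handle; do
        echo "delete rule $1 handle $handle"
    done
}

# Succeeds when the sysctl file ($1, default the real /proc path) holds 1,
# i.e. the kernel no longer treats 127.0.0.0/8 as martian while routing.
route_localnet_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/conf/all/route_localnet}" 2>/dev/null)" = "1" ]
}

# Constructed sample of `nft -a list chain ip nat WSLPOSTROUTING` output.
sample_listing() {
    cat <<'EOF'
table ip nat {
    chain WSLPOSTROUTING { # handle 3
        oif "eth0" masquerade # handle 7
        iif "loopback0" ip saddr 127.0.0.0/8 ip daddr != 127.0.0.0/8 counter packets 12 bytes 720 masquerade comment "mirrored" # handle 9
    }
}
EOF
}

# Report only: prints the sysctl state, then the delete commands for any
# leftover rules found in the listing on stdin. $1 overrides the sysctl path.
audit() {
    if route_localnet_enabled "$1"; then
        echo "route_localnet=1: loopback addresses are routable"
    else
        echo "route_localnet is off"
    fi
    mirrored_delete_cmds "ip nat WSLPOSTROUTING"
}

sample_listing | audit /dev/null   # offline demo on the constructed listing
```

On a live system, feed `nft -a list chain ip nat WSLPOSTROUTING` into `audit` with no argument; piping the printed delete lines to `nft -f -` removes the rules, as ExecStop does.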