Last active
May 8, 2024 06:01
/etc/systemd/system/network-mirrored.service
[Unit]
Wants=network-pre.target
Before=network-pre.target shutdown.target
[Service]
User=root
ExecStart=/bin/sh -ec '\
[ -x /usr/bin/wslinfo ] && [ "$(/usr/bin/wslinfo --networking-mode)" = "mirrored" ] || exit 0;\
echo "\
add chain ip nat WSLPREROUTING { type nat hook prerouting priority dstnat - 1; policy accept; };\
insert rule ip nat WSLPREROUTING iif loopback0 ip daddr 127.0.0.1 counter dnat to 127.0.0.1 comment mirrored;\
"|nft -f -\
'
ExecStop=/bin/sh -ec '\
[ -x /usr/bin/wslinfo ] && [ "$(/usr/bin/wslinfo --networking-mode)" = "mirrored" ] || exit 0;\
for chain in "ip nat WSLPREROUTING";\
do\
handle=$(nft -a list chain $chain | sed -En "s/^.*comment \\"mirrored\\" # handle ([0-9]+)$/\\1/p");\
for n in $handle; do echo "delete rule $chain handle $n"; done;\
done|nft -f -\
'
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
revision 8:
delete IPv6 routing filter
- natively supported in wsl 2.2.2
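The ExecStop cleanup above only removes rules tagged with the comment "mirrored", located by handle. The following is an added example, not part of the gist: it runs that same sed expression (without the systemd-level escaping) over a constructed `nft -a list chain` listing and also reads the tagged rule's packet counter. The function names and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the gist author's code. Function names are hypothetical.

# Constructed sample of `nft -a list chain ip nat WSLPREROUTING` output.
sample_listing() {
cat <<'EOF'
table ip nat {
	chain WSLPREROUTING { # handle 12
		type nat hook prerouting priority dstnat - 1; policy accept;
		iif "loopback0" ip daddr 127.0.0.1 counter packets 4 bytes 240 dnat to 127.0.0.1 comment "mirrored" # handle 14
		ip daddr 10.0.0.5 counter packets 0 bytes 0 accept comment "not-mirrored" # handle 15
		tcp dport 8080 counter packets 0 bytes 0 accept # handle 16
	}
}
EOF
}

# Same sed expression as ExecStop: print the handle of every rule whose
# comment is exactly "mirrored". Other comments and untagged rules are skipped.
tagged_handles() {
    sed -En 's/^.*comment "mirrored" # handle ([0-9]+)$/\1/p'
}

# Turn a listing on stdin into the batch that ExecStop pipes to `nft -f -`.
delete_batch() {
    chain=$1
    for n in $(tagged_handles); do
        echo "delete rule $chain handle $n"
    done
}

# Packet counter of the tagged rule; non-zero means loopback0 traffic matched it.
tagged_packets() {
    sed -En 's/^.*counter packets ([0-9]+) bytes [0-9]+ .*comment "mirrored" # handle [0-9]+$/\1/p'
}

# Show what would be deleted for the constructed listing.
sample_listing | delete_batch "ip nat WSLPREROUTING"
```

On a live system, replace `sample_listing` with `nft -a list chain ip nat WSLPREROUTING` to preview the deletions before stopping the service.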
I saw your description in the issue "adding this action breaks the prerouting hook and disables any Docker rules set in the PREROUTING chain". Can you explain why? The dnat of 127.0.0.1 to 127.0.0.1 seems redundant. thx
@Adam-Jin
as you said, it is redundant.
nothing changes with this DNAT, except that it can terminate the prerouting hook.
PREROUTING is not processed by applying DNAT first.
this is the reason why PREROUTING (Docker's rules) is handled poorly in mirrored networking.
microsoft/WSL#10494 (comment)
explanation about systemd service can be found here.
microsoft/WSL#10494 (comment)
thx
you can try it.