Unlike WSL (Windows Subsystem for Linux) version 1, WSL version 2 (WSL2) has its own isolated network and you cannot readily connect back to X410 running in Windows via TCP/IP connections; Windows Defender Firewall blocks such connections for security reasons.

In order to use X410 with those Linux GUI apps running in WSL2, you must enable 'Public Access' option in X410 and allow its inbound public access in Windows Defender Firewall. However, when you grant that public access for X410 in Windows Defender Firewall, any app can forward its GUI output to your X410 even if it's running in a different computer. The following guide shows the steps to prevent such unsolicited connections by adding an inbound rule to Windows Defender Firewall.

Computer AAA
Your computer with X410 and WSL2 running
Computer BBB
Unknown computer somewhere

Before adding a firewall inbound rule for protecting X410, you should first make your X410 work with Linux GUI apps running in WSL2. The following post outlines those steps for setting up X410 and WSL2:

Once you have Linux GUI apps running in WSL2 working with X410, check the DISPLAY environment variable in WSL2. Its IP address should be in between 172.16.0.0 and 172.31.255.255; a dedicated IP address range for local private network environments. WSL2 as well as Hyper-V virtual machines seem to be using IP addresses in this range.

If your DISPLAY environment variable is pointing to an address in a different IP address range, the following steps will *NOT* work; you need to make adjustments according to your DISPLAY environment variable.

DONE

Do you remember the 'Windows Security Alert' popup window while setting up X410 for WSL2? You must select the 'Public networks...' option in that popup window; Linux GUI apps running in WSL2 cannot connect back to X410 running in Windows if that option is not enabled.

When you enable that option, Windows automatically adds two inbound rules in its Windows Defender Firewall; they're named as 'x410' (lower-case 'x').

Before adding our own rule that only allows connections from WSL2, you need to disable those two rules; those two rules allow connections from any computer. Please note that you need to 'disable' them instead of deleting; if you delete them, Windows again shows the security alert popup window the next time you start X410.

Once you disable those two rules, you'll get "can't open display", "connection timed out" or similar errors from locally running Linux GUI apps in WSL2 as well as remotely running apps in separate computers. We'll be adding a new rule in the next step for fixing those errors.

DONE

We now need to add a 'Custom' inbound rule in Windows Defender Firewall. The following screenshots show the steps for adding this rule. You can use all the default settings preselected by Windows Defender Firewall except for the Step 3.4 (Scope) where you need to enter an allowed IP range.

3.1 Rule Type

3.2 Program

Windows Defender Firewall doesn't seem to support setting an IP range if a specific program is selected. Also, since X410 is a Microsoft Store app, you shouldn't actually try to access its executable; Windows purposefully hides Microsoft Store app installation folders in order to improve Windows security as well as its app update process.

Anyhow, this shouldn't be of any problem for our needs as our new rule only allows connections from WSL2 to any publicly opened app running in Windows such as X410 with its 'Public Access' option enabled.

3.3 Protocols and Ports

3.4 Scope

In this step, instead of using the default settings, you need to specify local IP addresses for WSL2. As mentioned above, Windows seems to be using IP addresses between 172.16.0.0 and 172.31.255.255 for WSL2 and Hyper-V virtual machines. You can use a shortened notation of those IP addresses, i.e., "172.16.0.0/12" for this option.

3.5 Action

3.6 Profile

3.7 Name

You can enter any name for this option. We used "X410 Public Access for WSL2 Only" for our new rule.


3.8 Done!

Computer AAA
Your computer with X410 and WSL2 running
Computer BBB
Unknown computer somewhere


As mentioned in Step 3.2, this newly added rule is not only applied to X410 but also applied to all other publicly opened apps running in Windows. So, if you want to protect an app that needs to be connected from WSL2, you can now simply disable its Windows Defender Firewall public access rules; you should be able to find such rules similar to the ones shown in Step 2 for X410.

DONE

Share This Story, Choose Your Platform!