Accessing your WSL2 instance from your local network

To access an application running in a WSL2 instance from a device in a local network, you'll need to route incoming traffic to your WSL2 instance.

You can do it two ways:

The Ngrok way

This is the easiest way. Just:

  1. Download and install ngrok.

  2. Run ngrok http http://localhost:PORT, where PORT is the port you want to expose.

  3. You'll get an output that looks like the following:

ngrok                         (Ctrl+C to quit)

Introducing Pay-as-you-go pricing:

Session Status                online
Account                       ACCOUNT NAME
Version                       3.4.0
Region                        South America (sa)
Latency                       -
Web Interface       
Forwarding           -> http://localhost:3000

Connections                   ttl     opn     rt1     rt5     p50     p90
                              0       0       0.00    0.00    0.00    0.00

  4. Get the first address under Forwarding ( and use it to access your application from anywhere on the planet that has internet access.

That should get you covered. For more details, check out Ngrok docs.

The other way

I didn't come up with this, obviously. I got this fine information from this video from David Bombal.

Here's how the other way works:

1. Grab the IP address of the host machine in your local network.

To do so, open PowerShell on the host machine and run ipconfig.

You'll get a bunch of text, but we are looking for this piece of information:

Wireless LAN adapter Wi-Fi:
   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . :
   Subnet Mask . . . . . . . . . . . :
   Default Gateway . . . . . . . . . :

Note: if you are using an Ethernet cable to connect to the local network, you might see different results.

The IPv4 Address value, which in this case is, is what you need. Then...

2. Get the IP address of your WSL2 instance running on your host machine

Instead of using PowerShell on the host machine, open the shell on your distro that's running in WSL2.

As I'm using Ubuntu, I ran ip addr | grep eth0. You'll get something like this:

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet brd scope global eth0

Again, the information that matters here is the IPv4, but the one with the /20 mask, which is That's the IP address of your WSL2 instance under the host machine.

3. Doing the thing

We found out that the IP of the host machine in the local network is, the IP of the WSL2 instance in the host machine is

Now, I want to run a web server on, say, port 3000. How can I expose the web server to the local network?

It's simple. Open a PowerShell instance as an Administrator and run the following command:

netsh interface portproxy add v4tov4 listenport=<host-machine-port> listenaddress= connectport=<wsl2-instance-port> connectaddress=<wsl2-instance-ip>

Replacing the values in, we get the following:

netsh interface portproxy add v4tov4 listenport=3000 listenaddress= connectport=3000 connectaddress=

That's right, you don't need to type in the host machine IP address in this command.

After executing that, incoming traffic from the network to the host machine ( will be routed to your WSL2 instance (

So go ahead, grab your phone or any other device, and try reaching It should work.

Note that the IP of your WSL2 will likely change after you reboot your machine or the WSL2 instance. In that case, you'll need to grab the new WSL2 IP and run the PowerShell command again. It is annoying, but it is what it is.

But it didn't work!

If it's still not working after doing everything I told you to do, then you'll need to update your firewall rules.

I won't get into details, but you should create an inbound rule for your firewall, allowing TCP connections to the specific ports you want to unlock. In our example, it's port 3000. My advice is to name the rule something along the lines of "WSL2 Unlock". Otherwise, believe me, you won't find it.

It should look like this:

Now it should be working fine and you should be able to get back to work.
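
The portproxy and firewall steps above, combined into one script that can be re-run whenever the WSL2 IP changes (an added example, not from the original post or the video). It assumes an elevated PowerShell, a default distro whose interface is eth0, and a listen address of 0.0.0.0 (all host interfaces); the parameter names and the choice to limit the firewall rule to the Private profile and the local subnet are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example: refresh the WSL2 port forward and keep the firewall rule narrow.
param(
    [int]$Port = 3000,                    # port used in the post's example
    [string]$ListenAddress = '0.0.0.0',   # assumption: all host interfaces; pass the host's LAN IPv4 to bind to one
    [string]$RuleName = 'WSL2 Unlock'     # rule name suggested in the post
)

# Read the current eth0 IPv4 address from the default WSL2 distro
# (same information as `ip addr | grep eth0`, in one-line form).
$line = wsl -- ip -4 -o addr show eth0
if ("$line" -match 'inet (\d{1,3}(?:\.\d{1,3}){3})/') {
    $wslIp = $Matches[1]
} else {
    throw 'Could not read an IPv4 address for eth0 from the default WSL2 distro.'
}

# Remove any stale mapping for this listener, then point it at the current WSL2 IP.
netsh interface portproxy delete v4tov4 listenport=$Port listenaddress=$ListenAddress | Out-Null
netsh interface portproxy add v4tov4 listenport=$Port listenaddress=$ListenAddress connectport=$Port connectaddress=$wslIp

# Recreate the inbound rule so it always matches the port being forwarded.
# Private profile + LocalSubnet keeps the port closed on Public networks
# and to hosts outside the local subnet.
$rule = @{
    DisplayName   = $RuleName
    Direction     = 'Inbound'
    Action        = 'Allow'
    Protocol      = 'TCP'
    LocalPort     = $Port
    Profile       = 'Private'
    RemoteAddress = 'LocalSubnet'
}
Remove-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
New-NetFirewallRule @rule | Out-Null

# Show what is now forwarded so the mapping can be checked.
netsh interface portproxy show v4tov4

# To undo when the server is no longer needed:
#   netsh interface portproxy delete v4tov4 listenport=<port> listenaddress=<listen-address>
#   Remove-NetFirewallRule -DisplayName 'WSL2 Unlock'
```

The rule only takes effect while Windows classifies the current network as Private; `Get-NetConnectionProfile` shows the category in use.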

If it still doesn't work, you can always use Ngrok.