3

I'm running a webserver on my Windows machine on port 4200. If I open a browser, I can communicate with that webserver by going to localhost:4200

I'd like to connect to the webserver from within the Windows Sandbox. My sandbox configuration allows for networking, and a browser in the Sandbox can browse the internet just fine. However, it cannot reach my webserver by going to localhost:4200. I assume this is because localhost refers to the Sandbox itself.

Here is my wsb configuration. Again, internet access works.

<Configuration>
<MappedFolders>
   <MappedFolder>
     <HostFolder>C:\Users\JohnDoe\Documents\Sandbox\Share</HostFolder>
     <ReadOnly>false</ReadOnly>
   </MappedFolder>
</MappedFolders>
</Configuration>

How can I reach my webserver on the host machine from my browser in the sandbox?

BeetleJuice
  • 39,516
  • 19
  • 105
  • 165

2 Answers2

1

Sandbox localhost is different than your host. Get the "Ethernet adapter vEthernet (Default Switch):" IPv4 Address from host and use it in your sandbox browser

Ex: From within sandbox, I can ping the host:

Pinging 172.20.160.1 with 32 bytes of data:
Reply from 172.20.160.1: bytes=32 time<1ms TTL=128
Reply from 172.20.160.1: bytes=32 time<1ms TTL=128
Reply from 172.20.160.1: bytes=32 time<1ms TTL=128
Reply from 172.20.160.1: bytes=32 time<1ms TTL=128

I could access my localhost app from a sandbox browser by browsing http://172.20.160.1:<app_port>

vikas
  • 1,318
  • 4
  • 16
  • 33
  • 1
    For some reason, it doesn't work. I can ping the host but accessing with a sandbox browser is not possible :( – Damian Ubowski May 24 '22 at 12:25
  • This answer is missing how to get the IPv4 address. From the host, run `ipconfig` from the command-line. That will give you a bunch of information. Look for these lines: Ethernet adapter vEthernet (Default Switch): IPv4 Address. . . . . . . . . . . : 999.99.999.9 – Metalogic Sep 28 '22 at 18:13
  • @DamianUbowski were you able to solve your issue? I seem to be hitting the same one. – LOST Mar 10 '23 at 17:24
  • I explicitly added the server's port to firewall rules, and checked that it opens by ip:port from the host machine. Still can't access from Sandbox. Weirdly, I can SSH into my host from the Sandbox, so SSH does not experience the same problem. – LOST Mar 10 '23 at 17:32
1

There are a couple issues going on here.

First, your web server needs to be listening on the address that sandbox can reach (it probably isn't by default).

Second, your firewall on the server needs to allow inbound connections from the address space that sandbox uses.

Changing the IP address binding of your webserver varies by the server platform. If this were a .net project using Kestrel or IIS, you might check in your project's properties folder for a file named "launchSettings.json", and you'll note that by default the addresses the server(s) listens on is "localhost". That's ordinarily fine, but if you're trying to hit it from sandbox, you'll need to be listening on the address that the sandbox can reach.

Your config probably says something like "https://localhost:4200". Most servers are going to be just fine with you telling it to listen on 0.0.0.0, which means any address, so change the entry to "https://0.0.0.0:4200". You can just put this into launchSettings.json to get it working, but likely you'd want to keep this pretty restricted long term. In this case, you can add the specific host address used by the virtual switch.

To get that address, as described in another answer, you get the ip address of the host that your sandbox can reach either by looking on the host with ipconfig to find the address of the adapter named "Ethernet adapter vEthernet (Default Switch)" or look at the gateway address on the sandbox under ipconfig. Same/Same.

You want your server to be listening on that address, by default it's probably not.

Now you should be able to browse to that host address from the host itself and it should reply just fine. NOTE that you'll probably get a certificate error, though, but at least you know the server is listening.

Now try hitting that same address from the sandbox. If you can't hit it from the sandbox, it's just a firewall issue at this point. As always, there are a few ways to address this problem from simple and insecure to more complex and more secure:

  1. Temporarily disable the firewall on the host.

  2. Open Windows Security, click on Firewall & Network Protection, then "Allow an app through firewall", find the pre-existing entry for the app you're running, and open it to public networks. NOTE that this may not be very 'sticky' as the app entry can change over time.

  3. Open Advanced Settings under Firewall & Network Protection. Create a new rule, maybe do it by port and specify the port (4200) that your server is listening on. You can loosen or tighten this to your heart's content with all sorts of other parameters. The idea is that you want to spend as little time worrying about whether this rule is working (open enough), but not worry about somebody on the LAN hitting your system (closed enough). Experiment until you find the right restriction level that you're comfortable with.

As mentioned, some behaviors will now change. The certificate error is one. If you're testing something that is configured to use an external identity provider, you'll also need to consider that your endpoint has changed from "localhost" to the address in question. But if you're getting errors from that sort of thing, you've already solved your networking issues.

user71030
  • 106
  • 5