access blocked from WSL/rancher subnet

[NF117]

We would like to use "Rancher Desktop" in our company.
Unfortunately I can't load any container images from our internal registry at the moment.
Get the following error message:

Error response from daemon: Get "https://registry...": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

I found out that our firewall blocks access from WSL's own subnet.

Is there a solution? Is it possible that rancher gets an IP from the internal company network?
Unlocking the wsl subnet is not an option for us for security reasons

[Nino-K]

@NF117 How are you accessing the internal registry? is it accessible over the VPN?

[NF117]

the computer running "rancher-desktop" is in the same company network as the container registry.
When I work from home I am connected to the company network via vpn.
In both cases the same problem

[Nino-K]

@NF117 without having to define a allow list in the firewall it would be difficult to tackle this since WSL is not really configurable. Are you able to have a deterministic configuration for your firewall to only allow WSL traffic?

e.g

New-NetFirewallRule -DisplayName "WSL" -Direction Inbound -InterfaceAlias "vEthernet (WSL)" -Action Allow

The rule above uses interface names rather than IP addresses(s). The attack vector or security risk is minimal since it only allows traffic from the interface "vEthernet (WSL)" which is a WSL interface.

[NF117]

Docker desktop doesn't have the problem. Images can be loaded from the company registry.
I fround this description: docker-desktop-networking-works-under-the-hood

Docker Desktop avoids this problem by forwarding all traffic at user-level via vpnkit

Could this also be a solution for Rancher Desktop?
Changing the firewall might be difficult in our company but I'll try again