This is a security feature and also present on Windows. But naturally fewer people want remote access to a Windows machine.
You need to start the service with --webservice-interface=any otherwise it will only listen to requests from 127.0.0.1. If you do enable outside access, make sure you lock down your network, as the webserver is not security hardened.
If at all possible I recommend you use SSH port forwarding instead, as that makes it harder to get access to the service.
Not sure why that is? Duplicati just looks at files and folders, so if the stuff is mounted with read access from the user it should work fine.