Reverse SSH tunneling is a common technique for making a machine sitting behind NAT accessible from the Internet. Usually, this involves some command-line trickery, but localtunnel provides a hassle-free way to enable access to a server on a local network.
Most people have a standard internet setup where you have a router connected to the internet with a single IP address, and a network of computers that all "share" the same IP address. This is great for two reasons: the first one is that the network is very safe, as it's unreachable from the outside. It also means that any one specific computer can "get out", but nothing can connect "to it" so to speak.
If you have a local machine, sometimes you want people to be able to connect to it -- even if you are behind a router with a single IP.
For example, you might be a web developer who wants to show a prototype to a calendar.
A possible solution
SSH can come really handy here. You can indeed solve this problem with SSH alone, creating what it's technically called a "tunnel". This means that:
- Your machine creates a secure SSH tunnel with a server connected to the Internet. Note that your own machine initiates the connection
- The traffic going to a specific port of that outside machine is then forwarded towards the tunnel.
Sounds complicated? Well, it's not if you are willing to twist your mind a little, and delve into the SSH manual.
For anybody else, welcome to localtunnel!
Localtunner does everything for you: all you need to do is install it, and run it.
Before you deploy localtunnel on your (firewall-protected) server, you need to install a handful of dependencies. To do this on Debian or Ubuntu, run the following command as root:
apt-get install ruby ruby1.8-dev rubygems1.8 libopenssl-ruby
Install then localtunnel by executing the
gem install localtunnel as root. Next, generate a key pair, and upload the public key for authentication:
ssh-keygen -t rsa
localtunnel -k ~/.ssh/id_rsa.pub 8080
The last command assumes that the server you want to make accessible runs on port 8080. Finally, execute the
localtunnel command as follows:
Use then the URL generated by localtunnel to access the server from outside your local network. The response will similar to:
Port 8080 is now publicly accessible from http://9rtr.localtunnel.com …
Use with care!
Please remember that the security you have when you are protected by a router dissolves when you open your server to the external world.