KalyanChakravarthy.net

Thoughts, stories and ideas.

Open home webserver to internet

There are several ways to open up your home webserver to the internet, the most popular one involves port forwarding. But it is not something that one can assume to be available in all situations.

If you do have a server already, we can use it to create a tunnel. This essentially involes 2 steps

1. create tunnel from home server to remote server

This creates a tunnel between home_port and remote_port_x.

ssh -R <remote-port-x>:<home_localhost>:<home_port> <remote.server.com>

Example:

[8080] = remote port
[5000] = local port

ssh -R 8080:localhost:5000 [email protected]

2. make remote server port internet aware

By default, opening a reverse tunnel, will only bind it to the loopback interface. Which means, home computer will be accessible from localhost:<remote-port-x>, but not from <remote.server.com>:<remote-port-x>.

There are multiple ways to solve this

a. enable GatewayPorts

  1. Open /etc/ssh/sshd_conf on the remote server
  2. Set GatewayPorts to either yes or clientspecified
  3. Restart ssh daemon
    ubuntu - sudo service ssh restart

Ensure that you add -g option to step 1, for step a to work.

b. create local tunnel

Since initial tunnel binds to loopback interface, this local-only tunnel, binds it to all interfaces on a different port, thereby exposing it to the internet.

ssh -L 0.0.0.0:<internet_port>:localhost:<remote-port-x> <remote.server.com>

<remote-port-x> is the same port specified in step 1

c. socat or netcat

Either of these tools can be used to relay traffic between the tunnelled port (I haven't tried this yet)