How to make a local web server visible from the internet *without* setting up port forwarding on the router?

networking windows reverse-proxy vpn hamachi

If you have a server you can SSH to and that server permits you to listen on the relevant ports the public IP address(es) (which if you control it, it will - perhaps even the desktop machine you describe if you install SSHd via cygwin or similar) you could use SSH's tunnelling option to pull traffic to your local server.

Something like: ssh [email protected] -g -R 11.22.33.44:80:127.0.0.1:80 will, once connected and authenticated, make port 80 on 11.22.33.44 (assuming that is a public address of the server) take connections that are then forwarded down to your local port 80. You need the GatewayPorts option enabled on the server to listen on a non-localhost address this way, and need to be logged in as root to listen on ports below 1024, and if there is already a service listening on port 80 there you obviously need to choose something else anyway. Adding the -C option to enable compression of the streams going via SSH is recommended, especially if you connect the laptop via a slow network (perhaps stuck in the middle of nowhere with only a GPRS mobile connection available).

To use ssh on Windows you have a few options. You can install cygwin's port [then the command I gave above should JustWork(tm)] or use some other client. PuTTY is a very popular option and it supports remote port tunneling.

This way your machine's web server will always be available on the same address when connected too, no matter where you connect from, so there is no need to use dynamic DNS for human friendly names you might wish to assign (assuming the server you connect to has a fixed public address, of course).

Rather than using a home or office server for this, which may slow things down further unless you have a nice fast connection in both directions there, you might get better results by renting a small Linux VPS somewhere (preferably in the same country) just for this purpose. You only need the smallest of machines as long as there is enough bandwidth so this will only cost a-couple-or-few $ per month.

As well as SSH you could also consider a VPN tool such as OpenVPN and use simple iptables rules on the server to forward connections down to your machine when connected. This may be more efficient and less hassle once setup, but may be a little extra hassle to configure if you are not familiar with it and routing in general already. Again a cheap VPS or your own office/home server would do as the server end of the VPN.


IPV6 tunneling on the laptop, combined with an ipv4 to 6 proxy - gogo6 have a nice, free service with a client to autoupdate as part of freenet6 - . Combine that with a AAAA record and a proxy that translates from ipv6 to 4 (sixxs runs a public one), or for a more elegant solution, your own proxy server (polipo might work) that does the translation running on the same A address

Set up properly, this should be mostly transparent, other than slight latency from being bounced around so many times.

Related

NTFS Permissions - SYSTEM
How to use makefiles on Windows
Is it possible to change the user's shell system-wide without using chsh?
How do I disable "modern login items" (shared helper applications) which don't show up in system login items? [duplicate]
Screeching, distorting and oversensitive AirPods Pro
Graphics tablet used to work without a third-party driver. How to reenable this?
MacOS randomly disconnecting from WIFI
How to set a consistent location for drives mounted on boot?
Finding a drive adapter to re-use the old hard drive from a Macbook Pro early 2015 13"
Siri Accounts Faults in MAC OS Catalina (10.15.6): (Process Demon Faults: accountsd + deleted + locationd) VERY slow CPU!
Macbook doesn't want an SSD
Can you access an AirPort Extreme (5th Gen) disk from an iPad