How to make a local web server visible from the internet *without* setting up port forwarding on the router?

If you have a server you can SSH to and that server permits you to listen on the relevant ports the public IP address(es) (which if you control it, it will - perhaps even the desktop machine you describe if you install SSHd via cygwin or similar) you could use SSH's tunnelling option to pull traffic to your local server.

Something like: ssh [email protected] -g -R 11.22.33.44:80:127.0.0.1:80 will, once connected and authenticated, make port 80 on 11.22.33.44 (assuming that is a public address of the server) take connections that are then forwarded down to your local port 80. You need the GatewayPorts option enabled on the server to listen on a non-localhost address this way, and need to be logged in as root to listen on ports below 1024, and if there is already a service listening on port 80 there you obviously need to choose something else anyway. Adding the -C option to enable compression of the streams going via SSH is recommended, especially if you connect the laptop via a slow network (perhaps stuck in the middle of nowhere with only a GPRS mobile connection available).

To use ssh on Windows you have a few options. You can install cygwin's port [then the command I gave above should JustWork(tm)] or use some other client. PuTTY is a very popular option and it supports remote port tunneling.

This way your machine's web server will always be available on the same address when connected too, no matter where you connect from, so there is no need to use dynamic DNS for human friendly names you might wish to assign (assuming the server you connect to has a fixed public address, of course).

Rather than using a home or office server for this, which may slow things down further unless you have a nice fast connection in both directions there, you might get better results by renting a small Linux VPS somewhere (preferably in the same country) just for this purpose. You only need the smallest of machines as long as there is enough bandwidth so this will only cost a-couple-or-few $ per month.

As well as SSH you could also consider a VPN tool such as OpenVPN and use simple iptables rules on the server to forward connections down to your machine when connected. This may be more efficient and less hassle once setup, but may be a little extra hassle to configure if you are not familiar with it and routing in general already. Again a cheap VPS or your own office/home server would do as the server end of the VPN.


IPV6 tunneling on the laptop, combined with an ipv4 to 6 proxy - gogo6 have a nice, free service with a client to autoupdate as part of freenet6 - . Combine that with a AAAA record and a proxy that translates from ipv6 to 4 (sixxs runs a public one), or for a more elegant solution, your own proxy server (polipo might work) that does the translation running on the same A address

Set up properly, this should be mostly transparent, other than slight latency from being bounced around so many times.