How to make a local web server visible from the internet *without* setting up port forwarding on the router?

I develop websites on my (high-end) laptop, and I work from a variety of physical locations.

I would like to save the hassle of constantly synchronizing with an externally visible web server in order for clients to test progress of the site (or for related purposes).Therefore, I am trying to find a way to enable my laptop to be automatically publicly visible from the internet, from any location, even when I do not have access to the router to set up port forwarding (such as from coffee shops, or from other public wireless connections).

I already use DynDNS to make my choice of domain names forward to a desktop server through a router that I have set up ... but like I say, I'd like to scrap the step of utilizing this desktop server.

I was hoping that paid reverse-proxy services (charging a monthly fee for an account) would provide proprietary socket-level client/server "reverse proxy" software that could be used for this purpose. I can't find one. I already use TeamViewer and LogMeIn, providing similar proprietary services. In fact, I attempted to use LogMeIn Hamachi VPN to make this possible - by making my desktop (already visible to the internet) forward IP traffic requesting port 80 along through the VPN to my laptop. However, it doesn't seem possible to set Hamachi/Windows up like this (but I might be wrong).

I hope there is a simple and robust way to accomplish this.

Dan Nissenbaum

Posted 2011-09-20T21:59:33.150

Reputation: 522

You can actually set up a basic web server using Opera web browser (Opera unite), but this is a solution only in case of HTML+JavaScript application which I believe doesn't suit your needs. – jakub.g – 2011-09-20T23:11:36.427

I currently have a web server that is operational - Apache (set up as part of an XAMPP for Windows installation). This web server works well, and when running on my desktop behind a permanent router has no problem being visible from the internet, because I set up port forwarding on my router. I am interested in finding a way to make my local web server publicly visible from the internet when I do not have access to the router to set up port forwarding. – Dan Nissenbaum – 2011-09-21T09:18:38.690

Answers

If you have a server you can SSH to and that server permits you to listen on the relevant ports the public IP address(es) (which if you control it, it will - perhaps even the desktop machine you describe if you install SSHd via cygwin or similar) you could use SSH's tunnelling option to pull traffic to your local server.

Something like: ssh root@your.server.tld -g -R 11.22.33.44:80:127.0.0.1:80 will, once connected and authenticated, make port 80 on 11.22.33.44 (assuming that is a public address of the server) take connections that are then forwarded down to your local port 80. You need the GatewayPorts option enabled on the server to listen on a non-localhost address this way, and need to be logged in as root to listen on ports below 1024, and if there is already a service listening on port 80 there you obviously need to choose something else anyway. Adding the -C option to enable compression of the streams going via SSH is recommended, especially if you connect the laptop via a slow network (perhaps stuck in the middle of nowhere with only a GPRS mobile connection available).

To use ssh on Windows you have a few options. You can install cygwin's port [then the command I gave above should JustWork(tm)] or use some other client. PuTTY is a very popular option and it supports remote port tunneling.

This way your machine's web server will always be available on the same address when connected too, no matter where you connect from, so there is no need to use dynamic DNS for human friendly names you might wish to assign (assuming the server you connect to has a fixed public address, of course).

Rather than using a home or office server for this, which may slow things down further unless you have a nice fast connection in both directions there, you might get better results by renting a small Linux VPS somewhere (preferably in the same country) just for this purpose. You only need the smallest of machines as long as there is enough bandwidth so this will only cost a-couple-or-few $ per month.

As well as SSH you could also consider a VPN tool such as OpenVPN and use simple iptables rules on the server to forward connections down to your machine when connected. This may be more efficient and less hassle once setup, but may be a little extra hassle to configure if you are not familiar with it and routing in general already. Again a cheap VPS or your own office/home server would do as the server end of the VPN.

David Spillett

Posted 2011-09-20T21:59:33.150

Reputation: 22 424

+1: I was just about to suggest ssh tunneling, but you beat me to it and explained it more clearly than I would have, to boot. – Dave Sherohman – 2011-09-21T09:59:41.260

Excellent answer, thanks. I already have WinSSHD (from Bitvise - a paid program), so I should be able to use that. I may try to use iptables for routing the data (initially when thinking about this, I became confused because I knew that the data was arriving at the computer on the local network shared with the router, but not on the local network shared with the VPN - not that this should confuse me). Anyone that would like to post an example of the necessary iptable entry that works with a router, and passes data to a VPN network, would be most welcome and appreciated! – Dan Nissenbaum – 2011-09-26T22:18:38.053

IPV6 tunneling on the laptop, combined with an ipv4 to 6 proxy - gogo6 have a nice, free service with a client to autoupdate as part of freenet6 - . Combine that with a AAAA record and a proxy that translates from ipv6 to 4 (sixxs runs a public one), or for a more elegant solution, your own proxy server (polipo might work) that does the translation running on the same A address

Set up properly, this should be mostly transparent, other than slight latency from being bounced around so many times.

Journeyman Geek

Posted 2011-09-20T21:59:33.150

Reputation: 119 122