
Ngrok – Expose any local server behind a NAT or firewall to the Internet - mavidser
https://ngrok.com
======
tombh
As is usually mentioned in reference to this, the same can be achieved on the
command line with:

`ssh user@yourserver.com -R [remoteport]:localhost:[localport]`

Where 'yourserver.com' is a server you own, such that accessing
'[http://yourserver.com:[remoteport]'](http://yourserver.com:\[remoteport\]')
tunnels to '[http://localhost:[localport]'](http://localhost:\[localport\]').

~~~
jgroszko
This approach, at least for my setup, would require opening up a port in my
server's firewall as well.

The other benefit is that ngrok provides a nice web interface so you can watch
and inspect web requests as they go by.

~~~
ceejayoz
Don't forget HTTPS support. Great if you're developing something like a
Facebook app where you have to give them a HTTPS endpoint to hit.

------
urza
Pagekite does the same and is opensource.

[https://pagekite.net/](https://pagekite.net/)

~~~
xasos
Wow never realized that the latest version of ngrok isn't open source. Strange
that you can just hide versions of your software, because you don't want it
open-sourced

------
mrmondo
This is the definition of software that I would not trust to run unless it was
open source. This is a real shame.

~~~
fit2rule
Count this as another vote for software I wouldn't run unless it was Open
Source. It doesn't have to be Free - but I won't run it until its been audited
independently, and Open Source is clearly the best way to accomplish that ..

~~~
mrmondo
Absolutely, you said it much better than I.

------
rodgerd
It's a sad indictment of how far we've come from the early vision of a
pervasive, distributed Internet that it's considered a novelty to run out of
your own home or office, rather than on the servers of a couple of massively
centralised megacorporations.

~~~
jdeibele
Wow. Many people don't want to try and keep up with the absolute latest
security issues and don't have the bandwidth for even the most trivial DDOS
attack.

You can host with companies a lot smaller than Google or Amazon. Let someone
else carry the pager, you know?

------
nly
Erm, i'm confused, is ngrok really currently proxying 17 million tunnels?

How are they supporting so many IPv4 tunnels? Presumably they don't have the
IPv4 space to assign standard ports to them. HTTP is easy but they say they
let you "expose any networked service".

Why are folks only worried about the closed source client, which likely does
nothing interesting, when all the magic must be at the backend?

~~~
venomsnake
65535 * 256 gives 16776960 ... so this is a single C class network.

------
krngrvr
I guess localtunnel - [http://localtunnel.me/](http://localtunnel.me/) \- does
the same thing? Its open source too.

~~~
lojack
I've used both. Localtunnel always seemed janky to me with occasional crashes
or just not working for seemingly no reason. Ngrok simply works, and works
well. It's also got a few nice features like being able to inspect requests in
the browser. Was an absolute life saver when working with webhooks.

------
leni536
I really like how the firewall is illustrated as a wall on fire with a hole in
it. It describes NAT really well.

------
grinnick
ngrok is really cool software but it's unfortunate that version 2 went closed
source. I'll be sticking with version 1.x

------
xasos
Previous HN discussion:
[https://news.ycombinator.com/item?id=5946981](https://news.ycombinator.com/item?id=5946981)

------
gigantic
I like [https://meetfinch.com/](https://meetfinch.com/)

------
nixarn
Repost, but really handy, used to easily test a website on my phone not long
ago. It felt like a good lazy mans solution to testing stuff.

Also good to quickly let friends try your local server.

------
RobSis
And then there is pwnat that tunnels nats without 3rd party...

~~~
leni536
You have to use pwnat on the client too.

------
scurvy
What's wrong with using IPv6 and an allow ACL? Rather use that than some
mysterious software that isn't open source.

~~~
buckyball
How to get a /64 ipv6 subnet when the ISP won't supply one? My ISP just hands
out 1 ipv4, thankfully without DSLite or CGN. Any link to a howto out there
which incorporates your suggestion?

~~~
DanielDent
[https://tunnelbroker.net/](https://tunnelbroker.net/) (HE) or other free IPv6
tunnel brokers are one approach.

------
arpa
Because it is simply impossible to configure NAT to forward the ports to the
internal network...

~~~
tehbeard
...and noone ever has to worry about carrier grade NAT or heaven forbid, being
in a managed office and unable to easily alter the firewall for their LAN or
deal with inept IT departments... \s

~~~
arpa
while I see your point, I respectfully disagree. You could get a real carrier
that gives you external IP. And if your office hides your computer behind
firewall, they could have a reason for that. For, I don't know, corporate
security. And there you go, running bugFTP 0.3 inside the company network
where every computer is trusted... Sure, that's a great idea.

