Sometimes you want to expose a port running on localhost to the internet. The use of NAT with IPv4 or firewalls make it difficult to expose a port. Sometimes you also lack the permission to do so. So maybe your IT will not like this ;)
This problem is not that complicated that it needs enterprise software. In fact you can do this with
common Unix tools. All you need is
socat and a server running a SSH server. This server should be able to expose posts to the internet.
SSH will provide is with a reverse tunnel and
socat will proxy the tunnel to the internet.
Run the following command on your local computer to expose port 8080:
ssh -R 12345:localhost:8080 $SERVER_HOST
Not you should be able to run
curl http://localhost:12345 on the remote server.
Unfortunately SSH will bind to localhost. Therefore it is not yet possible to accces the port 12345
Use the following command to solve that, by proxying requests from the internet to localhost:
socat tcp-listen:12345,reuseaddr,fork,bind=$PUBLIC_IP tcp:localhost:12345
$PUBLIC_IP is the IP of the interface which faces the internet)
You can also skip the second command if you have root access on the server. Then you can allow clients to specify which IP they bind to when creating the reverse tunnel.
Specifies whether remote hosts are allowed to connect to ports forwarded for the client. By default, sshd(8) binds remote port forwardings to the loopback address. This prevents other remote hosts from connecting to forwarded ports. GatewayPorts can be used to specify that sshd should allow remote port forwardings to bind to non-loopback addresses, thus allowing other hosts to connect. The argument may be no to force remote port forwardings to be available to the local host only, yes to force remote port forwardings to bind to the wildcard address, or clientspecified to allow the client to select the address to which the forwarding is bound. The default is no.
From sshd_config manual
clientspecified and use the following command for the tunnel:
ssh -R $PUBLIC_IP:12345:localhost:12345 $SERVER_HOST
$SERVER_HOST can be the same)