Hassle-free Reverse SSH Tunneling with localtunnel

Reverse SSH tunneling is a common technique for making a machine sitting behind NAT accessible from the Internet. Usually, this involves some command-line trickery, but localtunnel provides a hassle-free way to enable access to a server on a local network.

Most people have a standard internet setup where you have a router connected to the internet with a single IP address, and a network of computers that all "share" the same IP address. This is great for two reasons: the first one is that the network is very safe, as it's unreachable from the outside. It also means that any one specific computer can "get out", but nothing can connect "to it" so to speak.

The problem

If you have a local machine, sometimes you want people to be able to connect to it -- even if you are behind a router with a single IP.

For example, you might be a web developer who wants to show a prototype to a calendar.

A possible solution

SSH can come really handy here. You can indeed solve this problem with SSH alone, creating what it's technically called a "tunnel". This means that:

  • Your machine creates a secure SSH tunnel with a server connected to the Internet. Note that your own machine initiates the connection
  • The traffic going to a specific port of that outside machine is then forwarded towards the tunnel.

Sounds complicated? Well, it's not if you are willing to twist your mind a little, and delve into the SSH manual.

For anybody else, welcome to localtunnel!


Localtunner does everything for you: all you need to do is install it, and run it.

Before you deploy localtunnel on your (firewall-protected) server, you need to install a handful of dependencies. To do this on Debian or Ubuntu, run the following command as root:

apt-get install ruby ruby1.8-dev rubygems1.8 libopenssl-ruby

Install then localtunnel by executing the gem install localtunnel as root. Next, generate a key pair, and upload the public key for authentication:

ssh-keygen -t rsa
localtunnel -k ~/.ssh/id_rsa.pub 8080

The last command assumes that the server you want to make accessible runs on port 8080. Finally, execute the localtunnel command as follows:

localtunnel 8080    

Use then the URL generated by localtunnel to access the server from outside your local network. The response will similar to:

Port 8080 is now publicly accessible from http://9rtr.localtunnel.com …

Use with care!

Please remember that the security you have when you are protected by a router dissolves when you open your server to the external world.


Verbatim copying and distribution of this entire article are permitted worldwide, without royalty, in any medium, provided this notice is preserved.