Being able to access your desktop machine from the outside world is very handy as an entrepreneur / coding addict.
Say you are working on your SaaS product, duct-taped together on a local machine. It's high on your TODO list to prepare automated deployment to a remote server. But there comes a sudden opportunity to pitch to a prospective client.
A quick, effective - and somewhat dangerous - way is to let the outside
world access your local HTTP server. Given your dev server is listening
on port 3000 locally, forward that to a server in the cloud
that has ip a.b.c.d:
ssh -R 8080:localhost:3000 user@a.b.c.d
So now a.b.c.d:8080 is accessible from the outside.. Or not.
SSH will by default bind to port 8080 on the loopback
interface having ip 127.0.0.1, not being accessible from the outside.
You can verify that by observing the output of netstat -nlp
on the server.
If you have root on the remote machine, set
GatewayPorts clientspecified in sshd_config, and pass
in the all-interfaces remote ip 0.0.0.0 explicitly.
ssh -R 0.0.0.0:8080:localhost:3000 user@a.b.c.d
If you don't have root, then redirect the port using a user-space program.
I found python-port-forward
to be handy, since most servers have python interpreter installed
out of the box. Put 9000 localhost 8080 in port-forward.config
to expose your server on port 9000.
Warning Leave your machine exposed only as long as needed for the demo. Apply good server config practices locally as well. For example, disable file uploads and jail the webserver root so none of your files get exposed.
Tip I often forget
if I should use the -R or -L flag, also the
order of the ports in the port1:host:port2 parameter.
Never mind, just try a random variation and check what port is bound
where using netstat -nlp on both machines.
Tip This technique can also be used to expose your development box through SSH, so you can keep working while on vacation.