Access network services behind a NAT
mdm-tunnel is a very simple (read: naive) way to get around the fact that the devices on the Internet cannot create incoming connections to devices behind a NAT i.e. if you boot a webserver on your home computer, the internet cannot access this server unless you forward ports to it on your home router.
mdm-tunnel gets around the blocked incoming connections by simply opening an outgoing, persistent, duplex connection to a webserver, which is accessible to the Internet. The webserver then accepts the incoming requests from the internet, and figures out which connection a request should be piped to.
There are probably better ways to do this, this is my first foray in this space.
Usage: mdm-tunnel-client [options]Options:-h, --help output usage information-V, --version output the version number-c, --config [file] Config file to load [file]-u, --user [user] username to log in to server with-p, --port [port] port on host server-h, --host [host] address of host server-v, --verbose verbose output
Usage: mdm-tunnel-server [options]Options:-h, --help output usage information-V, --version output the version number-p, --port [port] Port to listen for external connections on [port]-c, --client-port [client] Port to listen for client connections on [client]-v, --verbose verbose output
Without -v, mdm-tunnel runs totally silent.
By default the client searches for
.tunnel-services.json in your
$HOME directory. Keys are service names (can be anything), values are
local port numbers for those services.
Open these in separate terminals or background them.
Note: You'll need to set up wildcard subdomains to test the server on your local machine. On OSX, I recommend dnsmasq.
# Boot the servermdm-tunnel-server -v# Boot the client on your machinemdm-tunnel-client -u tim -v# Boot some servicenode examples/simple/server.js# Connect with browseropen http://hello-world.tim.localhost.dev:8000
# Boot up the servicenode examples/websockets/server.js# Connect with browseropen http://websockets.tim.localhost.dev:8000
To change the available services, edit your
The default implementation does not enforce any security. You can implement simple security inside the Router instance you run on the webserver.
netcreateServersocketpipeRouterconfig socketasyncseriesauthbindnull headersroutebindnull headersdonelisten80
This isn't very sophisticated and could be improved.