9fans - fans of the OS Plan 9 from Bell Labs
* [9fans] Portable NAT-busting reverse-proxy
@ 2015-03-04  4:53 Anthony Sorace
From: Anthony Sorace @ 2015-03-04  4:53 UTC (permalink / raw)
  To: Fans of the OS Plan 9 from Bell Labs

I have a web service that runs localhost-only on my laptop which I'd sometimes like to make available on the public internet. The service listens on port 8000. The laptop moves around periodically, is usually behind a NAT, and is sometimes offline. Here's how I do it.

1) In Inferno on my laptop, I export my local network stack:
	listen -Av 'tcp!*!5555' {export /net&}
(This whole setup would've been way simpler if drawterm exported the network stack like Inferno does. Does it on any platform?)

2) On my Plan 9 cpu server, I have a service which looks something like this (at, say, /rc/bin/service/tcp1234):
	#!/bin/rc
	echo -n 0 > /srv/remotenet
There's a bit more going on in the real version of this, but this version works. Thanks to qrstuv on irc for a reminder of the "echo -n 0 > /srv/foo" trick mentioned here:
	http://9fans.net/archive/2007/04/130

3) Also on my cpu server, I have a service which looks like this (call it /rc/bin/service/tcp4321):
	#!/bin/rc

	mount /srv/remotenet /n/remnet
	netd=/n/remnet
	host=localhost

	aux/trampoline $netd^/tcp!^$host^!8000
Again, more logging & error checking in the real thing, but this should work as-is (I have a fallback for if /srv/remotenet can't be mounted, when the laptop is offline).

4) Finally, on my laptop I run:
	trampoline -a 'tcp!localhost!5555' tcp!my-cpuserver!1234
Getting trampoline running under p9p was trivial: I just removed the mac checking bits. I'm not sure why p9p doesn't have the needed cs bits in the header files (the code seems to be there).

The p9p trampoline connects the 9p service provided by Inferno on my laptop to the tcp1234 listener on my cpu server, which posts a service to /srv which the listener on 4321 mounts on each call and then uses as a network stack for its own trampoline. The end result is that web requests to my cpu server port 4321 get forwarded to localhost:8000 on my laptop, and I can re-establish this with just the p9p trampoline call. I have not attempted to authenticate any of the p9 connections, which I'd want to do if I were putting this into production service.

In addition to trampoline being so nice and the "echo -n 0" trick (which never sticks in my head for some reason), it's fun to note that there's nothing special about /net* directories; trampoline will use an IP stack anywhere you point it to.

I'll stick versions of this up on sources once I polish a bit or two.
Anthony
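
The step 3 service with the kind of offline fallback the message mentions, as an added example (not the author's real script). The 503 reply, the `test -d` sanity check, the `port` variable and the `unavailable` function are assumptions made for illustration.

```rc
#!/bin/rc
# Added example, not the author's script: step 3's tcp4321 service
# with an offline fallback. Assumes it is started by aux/listen, so
# standard input and output are the incoming connection.

netd=/n/remnet
host=localhost
port=8000

# Hypothetical helper: answer the HTTP client ourselves, then quit
# with the reason as the exit status.
fn unavailable {
	awk 'BEGIN {
		printf "HTTP/1.0 503 Service Unavailable\r\n"
		printf "Content-Type: text/plain\r\n"
		printf "Connection: close\r\n\r\n"
		printf "upstream is offline\r\n"
	}'
	exit $1
}

# Step 2 has not posted the laptop's connection yet.
if(! test -e /srv/remotenet) unavailable 'no /srv/remotenet'

# If the posted connection is no longer usable, the mount fails.
if(! mount /srv/remotenet $netd >[2]/dev/null) unavailable 'mount failed'

# Only dial if what we mounted looks like a network stack.
if(! test -d $netd/tcp) unavailable 'no tcp in mounted tree'

exec aux/trampoline $netd^/tcp!^$host^!^$port
```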



