From: Anthony Sorace
Message-Id: <12374CC2-B6E7-4353-BA9C-A2B4B5B9AA69@9srv.net>
Date: Tue, 3 Mar 2015 23:53:02 -0500
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: [9fans] Portable NAT-busting reverse-proxy

I have a web service that runs localhost-only on my laptop which I'd sometimes like to make available on the public internet. The service listens on port 8000. The laptop moves around periodically, is usually behind a NAT, and is sometimes offline. Here's how I do it.

1) In Inferno on my laptop, I export my local network stack:

	listen -Av 'tcp!*!5555' {export /net&}

(This whole setup would've been way simpler if drawterm exported the network stack like Inferno does. Does it on any platform?)

2) On my Plan 9 cpu server, I have a service which looks something like this (at, say, /rc/bin/service/tcp1234):

	#!/bin/rc
	echo -n 0 > /srv/remotenet

There's a bit more going on in the real version of this, but this version works. Thanks to qrstuv on irc for a reminder of the "echo -n 0 > /srv/foo" trick mentioned here:

	http://9fans.net/archive/2007/04/130

3) Also on my cpu server, I have a service which looks like this (call it /rc/bin/service/tcp4321):

	#!/bin/rc
	mount /srv/remotenet /n/remnet
	netd=/n/remnet
	host=localhost
	aux/trampoline $netd^/tcp!^$host^!8000

Again, more logging & error checking in the real thing, but this should work as-is (I have a fallback for if /srv/remotenet can't be mounted, when the laptop is offline).

4) Finally, on my laptop I run:

	trampoline -a 'tcp!localhost!5555' tcp!my-cpuserver!1234

Getting trampoline running under p9p was trivial: I just removed the mac checking bits. I'm not sure why p9p doesn't have the needed cs bits in the header files (the code seems to be there).

The p9p trampoline connects the 9p service provided by Inferno on my laptop to the tcp1234 listener on my cpu server, which posts a service to /srv which the listener on 4321 mounts on each call and then uses as a network stack for its own trampoline. The end result is that web requests to my cpu server port 4321 get forwarded to localhost:8000 on my laptop, and I can re-establish this with just the p9p trampoline call. I have not attempted to authenticate any of the p9 connections, which I'd want to do if I were putting this into production service.

In addition to trampoline being so nice and the "echo -n 0" trick (which never sticks in my head for some reason), it's fun to note that there's nothing special about /net* directories; trampoline will use an IP stack anywhere you point it to.

I'll stick versions of this up on sources once I polish a bit or two.

Anthony
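
The message mentions a fallback in the tcp4321 service for when /srv/remotenet cannot be mounted but does not show it. The script below is an added example of one way to write that fallback, not the author's real script; the `unavailable` function, the 503 response text and the LF-only line endings are assumptions made for illustration.

```rc
#!/bin/rc
# Added example, not the author's script: /rc/bin/service/tcp4321 with a
# fallback for when the laptop's exported network stack is not available.
# As in the scripts above, the listener gives this script the client
# connection on standard input and output.

netd=/n/remnet
host=localhost

# Hypothetical helper: answer the web client directly and stop.
# rc's echo ends lines with a bare newline, so this response is
# LF-terminated (an assumption that the client tolerates that).
fn unavailable {
	echo 'HTTP/1.0 503 Service Unavailable'
	echo 'Content-Type: text/plain'
	echo 'Connection: close'
	echo
	echo 'backend offline'
	exit
}

# Nothing has been posted yet: the laptop has not connected to tcp1234.
if(! test -e /srv/remotenet)
	unavailable

# The /srv entry outlives the connection behind it. Once that connection
# has been hung up, the mount fails and we answer locally instead of
# running trampoline against an empty /n/remnet. A connection that has
# gone silent without a hangup is not detected by this check.
if(! mount /srv/remotenet $netd >[2]/dev/null)
	unavailable

# Same forwarding step as the original script: dial the laptop's
# localhost:8000 through the mounted remote network stack.
exec aux/trampoline $netd^/tcp!^$host^!8000
```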