This project is currently under development.
Port_forwarder is a REST API application that temporarily exposes services on private Docker networks to the outside world programmatically. The server has no built-in authentication, so exposing the server port to the world is not recommended. All rules generated by the server are temporary: if the service is restarted, everybody loses access to whatever services they asked the server to open for them.
Aside from building the container, the following capabilities must be added so the service can run properly: NET_ADMIN and NET_RAW.
There are four environment variables that must be set:
- SERVER_PORT: the port where the server will run
- ALLOW_PERMANENT_RULES: whether the server allows the creation of permanent rules
- EXPOSED_PORT_START_RANGE: the start (inclusive) of the range of ports exposed by the container
- EXPOSED_PORT_END_RANGE: the end (inclusive) of the range of ports exposed by the container
An example docker-compose file showing how to set up the server correctly:
app:
  build: .
  ports:
    - "5000-6000:5000-6000"
  restart: always
  environment:
    - SERVER_PORT=80
    - ALLOW_PERMANENT_RULES=false
    - EXPOSED_PORT_START_RANGE=5000
    - EXPOSED_PORT_END_RANGE=6000
  cap_add:
    - NET_ADMIN
    - NET_RAW
To request a port, send a POST request to /allocate_random_port with the following JSON body:
{
  "destIp": "172.17.0.3",
  "destPort": 80,
  "ttlInSeconds": 300
}
destIp and destPort are the IP address and port of the service being requested within the Docker network; ttlInSeconds is how long the rule stays active before it is deleted. In this request, access to the TCP service running on IP 172.17.0.3, port 80 is requested for 300 s (5 min). If everything goes smoothly, the server returns the following JSON:
{
  "port": 5524
}
port will contain the port generated by the server for accessing the forwarded service using the container's public address. If something goes wrong an empty response with the following codes will be sent:
- 400: Malformed request or you tried to do something nasty
- 503: All ports that the server can provide are currently in use
- 500: Something unexpected went wrong
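
A minimal client for the endpoint described above, added here as an example and not part of this project's code. The function and class names are hypothetical; it assumes a successful reply uses status 200, that a JSON Content-Type header is acceptable to the server, and that callers should only request RFC 1918 private destinations.

```python
import ipaddress
import json
import urllib.error
import urllib.request

# Status codes as documented in this README; the exception class is hypothetical.
ERRORS = {400: "malformed or rejected request",
          503: "all ports in the exposed range are in use",
          500: "unexpected server error"}

class AllocationError(Exception):
    pass

def build_body(dest_ip, dest_port, ttl_seconds):
    """Validate inputs client-side and return the JSON request body as bytes."""
    ip = ipaddress.ip_address(dest_ip)           # raises ValueError on garbage
    # Assumption: only private, non-loopback destinations should be requested.
    if not ip.is_private or ip.is_loopback:
        raise ValueError("destIp must be an address on a private Docker network")
    if not 1 <= dest_port <= 65535 or ttl_seconds <= 0:
        raise ValueError("destPort must be 1-65535 and ttlInSeconds positive")
    return json.dumps({"destIp": str(ip), "destPort": dest_port,
                       "ttlInSeconds": ttl_seconds}).encode()

def parse_reply(status, raw, start, end):
    """Map a status code and body to the allocated port, or raise."""
    if status != 200:                            # assumed success status
        raise AllocationError(ERRORS.get(status, f"unexpected status {status}"))
    port = json.loads(raw).get("port")
    # Do not trust the reply blindly: the port must lie inside the range set by
    # EXPOSED_PORT_START_RANGE and EXPOSED_PORT_END_RANGE (both inclusive).
    if not isinstance(port, int) or not start <= port <= end:
        raise AllocationError(f"port {port!r} is outside {start}-{end}")
    return port

def allocate_port(base_url, dest_ip, dest_port, ttl_seconds, start=5000, end=6000):
    """POST to /allocate_random_port and return the forwarded port."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/allocate_random_port",
        data=build_body(dest_ip, dest_port, ttl_seconds),
        headers={"Content-Type": "application/json"}, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return parse_reply(resp.status, resp.read(), start, end)
    except urllib.error.HTTPError as err:        # 4xx/5xx arrive as exceptions
        return parse_reply(err.code, b"", start, end)
```

Because the server port is not published in the compose file above, allocate_port is meant to be called from a host or container that can reach SERVER_PORT on an internal network.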