zlacker

[parent] [thread] 26 comments
1. gnyman+(OP)[view] [source] 2025-12-04 12:20:53
This is nice, and for those who are asking, it's different from ngrok and the others in that you don't need a separate client; (almost) everyone has ssh installed.

To the author, I wish you the best of luck with this, but be aware (if you aren't) that this will attract all kinds of bad and malicious users who want nothing more than a "clean" IP to funnel their badness through.

serveo.net [2] tried it 8 years ago, but when I wanted to use it I at some point found it was no longer working; as I remember, the author said there was too much abuse for him to maintain it as a free service.

I ended up self-hosting sish https://docs.ssi.sh instead.

Even the ones where you have to register, like Cloudflare tunnels and ngrok, are full of malware, which is not a risk to you as a user but means they are often blocked.

Also a little rant, tailscale has their own one also called funnel. It has the benefit of being end-to-end encrypted (in theory) but the downside that you are announcing your service to the world through the certificate transparency logs. So your little dev project will have bots hammering on it (and trying to take your .git folder) within seconds from you activating the funnel. So make sure your little project is ready for the internet with auth and has nothing sensitive at guessable paths.

[2] >>14842951

replies(5): >>resiro+t >>klipit+I1 >>apitma+du1 >>LelouB+2O5 >>sorz+Yo6
2. resiro+t[view] [source] 2025-12-04 12:24:42
>>gnyman+(OP)
It would be nice to have an open-source version that you can self-host. That would solve the abuse problem. Maybe with a service to create API keys.
replies(2): >>klipit+S1 >>cybera+3h1
3. klipit+I1[view] [source] 2025-12-04 12:34:10
>>gnyman+(OP)
Thanks for the kind words. I hope I won't have to close this service in a few days due to abuse, but it's a weird world we live in.
replies(5): >>pcthro+Qf >>jjcm+9i1 >>dlensk+pm1 >>patric+cQ1 >>Valdik+mA3
◧◩
4. klipit+S1[view] [source] [discussion] 2025-12-04 12:35:13
>>resiro+t
Yeah, this is the next step. I first wanted to understand if this gets any traction. I think I will provide a dockerized version for the server part that you can just run with a simple command, and maybe some interface to create API keys and distribute them to your users.
replies(1): >>popalc+Tk1
◧◩
5. pcthro+Qf[view] [source] [discussion] 2025-12-04 14:09:31
>>klipit+I1
Do you have funding to cover paying the bandwidth costs which will ultimately result from this? Or if you're running this from a home network, does anyone know if OP should be concerned about running into issues with their ISP?
replies(2): >>kiloba+6A1 >>klipit+wA1
◧◩
6. cybera+3h1[view] [source] [discussion] 2025-12-04 19:29:53
>>resiro+t
We're using pgrok for that in our organization. A small EC2 instance serves as the public endpoint.
◧◩
7. jjcm+9i1[view] [source] [discussion] 2025-12-04 19:35:20
>>klipit+I1
As someone who has launched something free on HN before, the resulting signups were around 1/3rd valid users doing cool things and checking things out, and 2/3rds nefarious users.
replies(1): >>tonyme+ln1
◧◩◪
8. popalc+Tk1[view] [source] [discussion] 2025-12-04 19:47:03
>>klipit+S1
Fair enough from a business standpoint, but seeing as there are massive privacy/security risks involved in exposing your data to an opaque service, the open source component is probably a non-optional aspect of the value prop.
replies(1): >>rgbrgb+kH1
◧◩
9. dlensk+pm1[view] [source] [discussion] 2025-12-04 19:52:54
>>klipit+I1
Dare I ask how much bandwidth it is consuming?
replies(1): >>klipit+rC1
◧◩◪
10. tonyme+ln1[view] [source] [discussion] 2025-12-04 19:57:09
>>jjcm+9i1
a bit better benevolent:malicious ratio than the real world
replies(1): >>hrimfa+6L4
11. apitma+du1[view] [source] 2025-12-04 20:26:32
>>gnyman+(OP)
A few other options as well: https://github.com/anderspitman/awesome-tunneling
replies(1): >>kej+4W4
◧◩◪
12. kiloba+6A1[view] [source] [discussion] 2025-12-04 20:54:31
>>pcthro+Qf
The tunnel host appears to be a Hetzner server; they are pretty generous with bandwidth, but the interesting thing I learned about doing some scalability improvements at a similar company [0] is that for these proxy systems, each direction's traffic is egress bandwidth. Good luck OP, the tool looks cool. Kinda like pinggy.

[0] https://localxpose.io

◧◩◪
13. klipit+wA1[view] [source] [discussion] 2025-12-04 20:56:12
>>pcthro+Qf
I can cover hundreds of PB of bandwidth per month if needed without paying a fortune.
replies(1): >>kiloba+EB1
◧◩◪◨
14. kiloba+EB1[view] [source] [discussion] 2025-12-04 21:01:50
>>klipit+wA1
Can you share more details? I know Hetzner offers unlimited bandwidth in some cases, but I thought it was limited only to servers with the 1Gbs uplink.
replies(1): >>aamosc+tS1
◧◩◪
15. klipit+rC1[view] [source] [discussion] 2025-12-04 21:04:45
>>dlensk+pm1
It's around 700MB today so far.
◧◩◪◨
16. rgbrgb+kH1[view] [source] [discussion] 2025-12-04 21:30:10
>>popalc+Tk1
how come? just because it's open source doesn't mean that they run that exact binary on their servers. ngrok does pretty well without open sourcing.
replies(1): >>popalc+7i3
◧◩
17. patric+cQ1[view] [source] [discussion] 2025-12-04 22:18:20
>>klipit+I1
I run playit.gg. Abuse is a big problem on our free tier. I'd get https://github.com/projectdiscovery/nuclei set up to scan your online endpoints and autoban detections of c2 servers.
replies(1): >>jborak+j14
◧◩◪◨⬒
18. aamosc+tS1[view] [source] [discussion] 2025-12-04 22:29:54
>>kiloba+EB1
Work closet /s
◧◩◪◨⬒
19. popalc+7i3[view] [source] [discussion] 2025-12-05 10:40:52
>>rgbrgb+kH1
The locus of trust moves, if you have the source, and trust is a factor for you, because you can simply self-host and know what you're running.
◧◩
20. Valdik+mA3[view] [source] [discussion] 2025-12-05 12:53:59
>>klipit+I1
My service (which doesn't have public access, only via SSH as a client) was used by a ransomware gang, which involved the service in an investigation from Dutch CERT and Dubai police.

It's still live though.

◧◩◪
21. jborak+j14[view] [source] [discussion] 2025-12-05 15:09:42
>>patric+cQ1
Thanks for sharing this. I run packetriot.com, another tunneling service, and I ended up writing my own scanner for endpoints using keyword lists I gathered from various infosec resources.

I had done some account filtering for origins coming out of Tor, VPN networks, data centers, etc. but I recently dropped those and added a portal page for free accounts, similar to what ngrok does.

It was very effective at preventing abuse. I also added a mechanism for reporting abuse on the safety page that's presented.

replies(1): >>patric+Bw4
◧◩◪◨
22. patric+Bw4[view] [source] [discussion] 2025-12-05 17:17:05
>>jborak+j14
Have you found a way to detect xworm c2c servers?
◧◩◪◨
23. hrimfa+6L4[view] [source] [discussion] 2025-12-05 18:22:22
>>tonyme+ln1
2/3rds of people in the world are malicious?
replies(1): >>tonyme+kU5
◧◩
24. kej+4W4[view] [source] [discussion] 2025-12-05 19:08:32
>>apitma+du1
Just want to say that I appreciate you maintaining this list. It's one of those things I need to do every now and then, so having a place that gives me a current summary of the options is very handy.
25. LelouB+2O5[view] [source] 2025-12-06 00:17:01
>>gnyman+(OP)
OpenSSH is preinstalled on Windows as well, so I think it's not a stretch to say everyone has ssh now.
◧◩◪◨⬒
26. tonyme+kU5[view] [source] [discussion] 2025-12-06 01:14:28
>>hrimfa+6L4
2/3 of resources will typically be spent by malicious/nefarious/abusive users.

[edit] for clarity

27. sorz+Yo6[view] [source] 2025-12-06 07:40:08
>>gnyman+(OP)
Random thoughts: one can get a user's ssh public keys from GitHub on the fly (from `https://github.com/<username>.keys`), so that it requires a valid GitHub account to use this service, without an (extra) auth process.
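Added example (not part of the thread and not the service's own code): a sketch of the server-side check the comment above suggests, matching an offered SSH public key against the body served at `https://github.com/<username>.keys`. The function names and the sample keys are constructed for illustration, and the body is embedded so the block runs offline.

```python
import base64
import hashlib
import hmac
import struct

def make_blob(key_type, raw):
    """Build a constructed SSH public-key blob (sample data, not a real key)."""
    wire = struct.pack(">I", len(key_type)) + key_type + struct.pack(">I", len(raw)) + raw
    return base64.b64encode(wire).decode()

# Constructed sample of a <username>.keys response: one "type base64" per line.
SAMPLE_KEYS_BODY = (
    f"ssh-ed25519 {make_blob(b'ssh-ed25519', bytes(range(32)))}\n"
    f"ssh-ed25519 {make_blob(b'ssh-ed25519', bytes(range(32, 64)))}\n"
    "ssh-ed25519 not-base64!!\n"                            # malformed: dropped
    f"ssh-rsa {make_blob(b'ssh-ed25519', bytes(32))}\n"     # type mismatch: dropped
)

def fingerprint(wire):
    """OpenSSH-style SHA256 fingerprint of a decoded key blob."""
    digest = hashlib.sha256(wire).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_keys(body):
    """Return {fingerprint: key type} for every well-formed line in the body."""
    keys = {}
    for line in body.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            wire = base64.b64decode(parts[1], validate=True)
        except ValueError:
            continue
        declared = parts[0].encode()
        # The blob starts with a length-prefixed type string; it must match
        # the type declared in the text column, or the line is rejected.
        if len(wire) < 4 or wire[4:4 + struct.unpack(">I", wire[:4])[0]] != declared:
            continue
        keys[fingerprint(wire)] = parts[0]
    return keys

def is_authorized(offered_wire, keys_body):
    """True if the key blob offered by the client is listed for the account."""
    offered = fingerprint(offered_wire)
    return any(hmac.compare_digest(offered, fp) for fp in parse_keys(keys_body))
```

A match only says the public key is listed for that account; the SSH server still has to complete the normal public-key signature check, since anyone can download the same `.keys` file. With OpenSSH, a lookup like this would typically sit behind `AuthorizedKeysCommand`.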