35 Free and Open-source Port Forwarder Tunneling and ngrok Alternatives for Linux, Windows, and macOS
In the world of networking and development, port forwarding plays a crucial role. Tools like ngrok have become popular for their ability to expose local servers to the internet securely.
However, there are alternatives worth exploring. This post dives into what port forwarders are, why you need them, and some notable alternatives to ngrok.
What is a Port Forwarder?
A port forwarder allows you to redirect network traffic from one address and port number to another.
This process is essential for accessing services hosted on private networks from remote locations. It’s commonly used for development, testing, and accessing home network services.
Port forwarders are essential tools for accessing and sharing local services securely and efficiently.
Why You Need a Port Forwarder
- Remote Access: Access your local services from anywhere without complex configurations.
- Development and Testing: Test webhooks, APIs, and other services on your local machine without deploying them to a public server.
- Security: Securely expose local servers with encrypted tunnels.
- Simplicity: Simplify the process of sharing your work with clients or collaborators.
Use Cases for Port Forwarders
- Web Development: Share a development server with clients for live previews.
- API development & Testing: Test webhooks from third-party services directly on your local machine.
- IoT Projects: Access IoT devices on your home network remotely.
- Collaborative Work: Enable team members to access a locally hosted service for real-time collaboration.
35 Open-source Free Tunneling and Port Forwarding Solutions
1. pgrok
The pgrok is a multi-tenant HTTP/TCP reverse tunnel solution through remote port forwarding from the SSH protocol.
This is intended for small teams that need to expose the local development environment to the public internet, and you need to bring your own domain name and SSO provider.
It gives stable subdomain for every user, and gated by your SSO through OIDC protocol.
2. tobaru
Port forwarding tool written in Rust with advanced features, such as:
- Multiple target addresses: Forwards to different target addresses based on IP and TLS SNI/ALPN
- IPv4/IPv6 allowlists: Only forwards connections from known IP ranges
- TLS support:
- Allow both TLS and non-TLS clients on a single port
- Connect to TLS and non-TLS endpoints
- Hot reloading: Updated configs are automatically reloaded
- iptables support: Automatically configures iptables to drop packets from unallowed ranges
- IP groups: named groups of IPs that can be reused amongst different server configurations
3. rathole
This is a free and open-source lightweight and high-performance reverse proxy for NAT traversal, written in Rust. An alternative to frp and ngrok.
Key Features of rathole
- High Performance Much higher throughput can be achieved than frp, and more stable when handling a large volume of connections.
- Low Resource Consumption Consumes much fewer memory than similar tools. The binary can be as small as ~500KiB to fit the constraints of devices, like embedded devices as routers.
- Security Tokens of services are mandatory and service-wise. The server and clients are responsible for their own configs. With the optional Noise Protocol, encryption can be configured at ease. No need to create a self-signed certificate! TLS is also supported.
- Hot Reload Services can be added or removed dynamically by hot-reloading the configuration file. HTTP API is WIP.
4. Tcptunnel
Tcptunnel is a simple TCP port forwarder. It works for Linux, Windows and macOS.
5. bore
bore is a simple yet powerful tool that works as a reverse HTTP/TCP proxy to help you expose a local server behind a NAT or firewall to the internet via secure SSH tunnels.
6. sshuttle
sshuttle is a versatile networking tool that uniquely combines the features of a transparent proxy, VPN, and SSH tunnel. It addresses a specific use case where users need to securely access a remote network but face limitations with traditional VPNs or SSH port forwarding.
Key Features and Use Cases
- Transparent Proxying: sshuttle acts as a transparent proxy, redirecting network traffic through an SSH tunnel without the need for complex VPN setups. This allows seamless access to remote networks.
- Cross-Platform Support: Compatible with Linux, FreeBSD, and macOS, sshuttle offers flexibility for users on different operating systems.
- No Admin Access Required: Unlike many VPN solutions, sshuttle does not require administrative privileges on the remote network. This makes it ideal for environments where users have limited control.
- Simplified VPN Alternative: sshuttle provides a simpler and more reliable alternative to traditional VPN protocols like IPsec and PPTP, which can be cumbersome and error-prone.
- Eliminates the Need for Multiple SSH Port Forwards: Users can access multiple hosts and ports on the remote network without setting up individual SSH port forwards for each one.
- Improved Performance Over SSH Tunnels: sshuttle avoids the performance issues associated with OpenSSH's TCP-over-TCP tunneling, offering a more efficient solution.
7. portr
Portr.dev is a powerful tool that brings simplicity and efficiency to port forwarding and networking. With its comprehensive features and ease of use, it is an excellent choice for developers, IT professionals, and anyone needing to manage network connections effectively.
Features of portr
- Simple Port Forwarding: Easily set up and manage port forwarding rules to access local services from remote locations without complex configurations.
- Secure Connections: Ensure your connections are secure with encrypted tunnels, providing peace of mind when accessing remote services.
- Custom Domains: Assign custom domains to your local services, making them accessible with human-readable URLs instead of IP addresses and port numbers.
- Multi-Protocol Support: Support for various protocols, including HTTP, HTTPS, TCP, and UDP, making it versatile for different use cases.
- Cross-Platform Compatibility: Works seamlessly on Linux, Windows, and macOS, providing flexibility for users on different operating systems.
- No Admin Access Required: Operate without needing administrative privileges on the remote network, ideal for environments with limited control.
- User-Friendly Interface: An intuitive and easy-to-navigate interface that simplifies the process of setting up and managing port forwarding rules.
- Real-Time Monitoring: Monitor your connections in real-time to ensure everything is running smoothly and to troubleshoot any issues quickly.
- Collaborative Access: Share access to your forwarded ports with team members or clients, enabling collaborative work environments.
- Integration with Dev Tools: Integrates with popular development tools and environments, making it easier to incorporate into your existing workflow.
8. portfwd
portfwd is a simple tool designed to forward TCP or UDP traffic to different ports.
portfwd Features
- ✅ A single statically compiled binary for each OS/architecture
- ✅ Support TCP traffic
- ✅ Support UDP traffic
- ✅ Can forward multiple ports to multiple locations simultaneously
- ✅ An easily configurable tool
- ✅ Can operate effortlessly as a daemon
9. Wstunnel
wstunnel is a powerful and efficient tool for creating secure WebSocket tunnels, making it an excellent choice for developers, IT professionals, and anyone needing reliable and secure network connections.
With its comprehensive features and ease of use, wstunnel stands out as a versatile solution for modern networking challenges.
Features of Wstunnel
- WebSocket Tunneling: Utilizes WebSocket protocols to create secure tunnels, allowing for flexible and robust connections.
- Cross-Platform Compatibility: Compatible with Linux, Windows, and macOS, providing a broad range of usage scenarios.
- Simple Configuration: Easy to set up and configure, making it accessible for users with varying levels of technical expertise.
- Secure Connections: Ensures data security with encrypted WebSocket connections, protecting against potential network threats.
- Port Forwarding: Facilitates port forwarding, enabling access to local services from remote locations.
- Firewall and NAT Bypass: Bypasses firewalls and NAT restrictions, allowing for uninterrupted connectivity.
- Client-Server Architecture: Supports both client and server modes, offering flexibility in network setup and usage.
- Low Overhead: Lightweight and efficient, minimizing resource usage while maintaining high performance.
- Versatile Use Cases: Suitable for various applications, including remote access, secure browsing, and development environments.
10- Chisel
Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go (golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network.
It offers binaries for Windows, Linux and macOS.
Features of Chisel
- Easy to use
- Performant*
- Encrypted connections using the SSH protocol (via
crypto/ssh
) - Authenticated connections; authenticated client connections with a users config file, authenticated server connections with fingerprint matching.
- Client auto-reconnects with exponential backoff
- Clients can create multiple tunnel endpoints over one TCP connection
- Clients can optionally pass through SOCKS or HTTP CONNECT proxies
- Reverse port forwarding (Connections go through the server and out the client)
- Server optionally doubles as a reverse proxy
- Server optionally allows SOCKS5 connections (See guide below)
- Clients optionally allow SOCKS5 connections from a reversed port forward
- Client connections over stdio which supports
ssh -o ProxyCommand
providing SSH over HTTP
11- NetPorter
This fork of NetPorter provides an integrated GUI to configure its native port forwarding feature, as well as configure and monitor DHCP and DNS through Dual Server.
12- Tunnel
Secure, multiplexed, TCP/UDP port forwarder using piping-server by @nwtgck as relay. Designed mainly for p2p connections between peers behind (multiple) NAT/firewalls.
Tunnel's Features
- TCP/UDP tunnel between peers, each of which may be behind (multiple) NAT(s), i.e. unreachable from the public internet.
- Firewalls don't cause problems as only outgoing http(s) connections are used.
- Security: To connect, peers must know the unique ID of the serving peer and a shared secret key. Traffic between peer and relay is encrypted (TLS). Relay doesn't store anything.
- Multiplexing: Each tunnel supports multiple concurrent connections. Connections are full-duplex.
- Many-to-One: The forwarding peer acts as the client and the forwardee peer acts as the server. Server can support multiple clients at any given time. Each node can act as both server and client.
- Resilience: Peers auto-reconnect in the face of intermittent connectivity.
- No superuser privilege required.
- Option to host your own relay server (easily and for free).
- KISS: Just a single, small, portable, shell-script.
- Built in installer and updater.
13. Tunneller
Tunneller allows you to expose services which are running on localhost
, or on your local network, to the public internet.
This is very useful for testing webhooks, the generation of static-site compilers, and similar things.
14. Port Forwarder
A small program to port forward with quota options
This a small program to forward ports with a quota option to control the data users use. Some features of this code are:
- Lightweight: It has no dependencies, just the main file, and standard library.
- Easy to use: Just edit the rules file, and you can use the proxy
- High performance: With iperf3 I achieved 14.9 Gbits/sec in a local tunnel.
- Simultaneous Connections Limit: Limit the amount of simultaneous connections that a port can have.
- Soft Blocking: Block the new incoming connections and keep the old ones alive when the quota reaches.
15. forward
Forward sets up an sbatch script on your cluster resource and port forwards it back to your local machine! Useful for jupyter notebook and tensorboard, amongst other things.
- start.sh is intended for submitting a job and setting up ssh forwarding
- start-node.sh will submit the job and give you a command to ssh to the node, without port forwarding
The folder sbatches contains scripts, organized by cluster resource, that are intended for use and submission. It's up to you to decide if you want a port forwarded (e.g., for a jupyter notebook) or just an instruction for how to connect to a running node with your application
16. Kube Forwarder
This is an open-source easy-to-use Kubernetes port forwarding manager.
17. localtunnel (Node.js)
localtunnel exposes your localhost to the world for easy testing and sharing! No need to mess with DNS or deploy just to have others test out your changes.
18. hypertunnel
This free TCP relay/reverse proxy service can be used to expose any TCP/IP service running behind a NAT.
It's using hypertunnel-tcp-relay under the hood, which itself is based on the excellent node-tcp-relay from tewarid, adding self-service multi-client support similar to localtunnel, a cool project name with "hyper" in it and a free public server.
19. ngtor
Easily expose local services via Tor
- Tunnel traffic via Tor to your locally running service
- Serve static via Tor with a single command
- All-in-one binary for macOS, linux and windows
20. tinyPortMapper
A Lightweight High-Performance Port Mapping/Forwarding Utility using epoll, Supports both TCP and UDP
21. pfwd A Trivial Port Forwarder
This is a simple port forwarding application written in C for windows and linux. All it does is listen and forward any traffic to another host using TCP/IP.
The programme starts a new thread for each connection and uses select to determine when activity is present on a socket. This could be improved by removing threading.
22. sish
Sish is a free open source serveo/ngrok alternative.
23. TunnlTo
TunnlTo is a WireGuard VPN split tunneling client for Windows.
Example Use-cases
- Route only FireFox through a privacy VPN
- Route Slack and Microsoft Office through a work VPN
- Route a game through a gaming VPN
- Stop a game from routing through a privacy VPN
- Stop a browser from routing through a work VPN
- Route a specific IP address range through a privacy VPN
- Route all traffic through a privacy VPN except a specific IP address range
- Route all applications within a folder through a VPN
- Route all traffic through a VPN except applications within a folder
24. Proxytunnel
This is proxytunnel, a program that connects stdin and stdout to an origin server somewhere in the Internet through an industry standard HTTPS proxy.
25. Tunnel
Tunnel is a server/client package that enables to proxy public connections to your local machine over a tunnel connection from the local machine to the public server. What this means is, you can share your localhost even if it doesn't have a Public IP or if it's not reachable from outside.
It uses the excellent yamux package to multiplex connections between server and client.
The project is under active development, please vendor it if you want to use it.
26- Gost GO Simple Tunnel
Gost (Go Simple Tunnel) is a sophisticated tunneling tool that supports multiple protocols, including HTTP(S), SOCKS5, and ShadowSocks. It is designed to offer secure and efficient network connections across a range of platforms, including Linux, Windows, macOS, and more.
Whether you need to bypass network restrictions, secure your internet connection, or create complex proxy chains, Gost provides the necessary features and flexibility to meet your networking needs.
Features
- Multi-Protocol Support: Gost supports various protocols such as HTTP(S), SOCKS5, and ShadowSocks, providing flexibility for different tunneling requirements.
- Cross-Platform Compatibility: Available for Linux, Windows, macOS, and other platforms, ensuring broad usability.
- Encryption: Secure your connections with robust encryption options, protecting your data from interception and eavesdropping.
- Proxy Chains: Create complex proxy chains to route your traffic through multiple proxies, enhancing privacy and security.
- Load Balancing: Distribute traffic across multiple servers to optimize performance and reliability.
- Access Control: Implement access control policies to manage who can use your tunnels, enhancing security.
- Traffic Filtering: Filter traffic based on rules and patterns, allowing for customized and controlled data flow.
- Plugin System: Extend functionality with plugins, making it easy to add new features or integrate with other tools.
- Ease of Use: Simple configuration and deployment process, making it accessible for users of all skill levels.
- Performance Optimization: Designed for high performance, ensuring efficient and reliable tunneling even under heavy loads.
27. frp
frp is a fast reverse proxy that allows you to expose a local server located behind a NAT or firewall to the Internet. It currently supports TCP and UDP, as well as HTTP and HTTPS protocols, enabling requests to be forwarded to internal services via domain name.
29. HevSocks5Tunnel
HevSocks5Tunnel is a versatile tool designed for creating a tunnel over a Socks5 proxy (tun2socks), optimized for Unix systems including Linux, Android, FreeBSD, macOS, iOS, and WSL2. It supports both IPv4 and IPv6, making it a dual-stack solution.
HevSocks5Tunnel efficiently redirects TCP connections and UDP packets, offering fullcone NAT and the ability to encapsulate UDP in UDP/TCP, thus providing robust networking capabilities for various applications.
Key Features
- Dual Stack Support: Compatible with both IPv4 and IPv6.
- TCP Connection Redirection: Redirects TCP connections seamlessly.
- UDP Packet Redirection: Redirects UDP packets with fullcone NAT and encapsulation in UDP/TCP.
- Cross-Platform Compatibility: Supports Linux, Android, FreeBSD, macOS, iOS, and WSL2.
30. zrok
zrok.io is a platform designed to simplify the sharing and collaboration process by providing an easy-to-use interface for securely exposing local services to the internet. It is ideal for developers, teams, and anyone needing to share their local environments quickly and efficiently.
Key Features
- Secure Sharing: Safely expose your local services with end-to-end encryption, ensuring your data remains protected.
- Easy Setup: Quickly set up and configure your sharing environment without the need for complex configurations.
- Custom Domains: Use custom domains for your shared services, making them easily accessible and professional.
- Access Control: Manage who can access your shared services with robust access control features.
- Real-Time Collaboration: Collaborate in real-time by sharing your development environments with team members or clients.
- Cross-Platform Support: Compatible with various operating systems, allowing you to share services from any device.
- Scalability: Designed to handle multiple users and connections, making it suitable for both small teams and large organizations.
zrok.io provides a secure and user-friendly way to share local services over the internet, facilitating real-time collaboration and efficient project management.
31. iodine
iodine is a tool that allows you to tunnel IPv4 data through a DNS server, enabling network access in restricted environments where other forms of internet connection are blocked or unavailable. By using DNS queries to encapsulate data, iodine facilitates communication across firewalled networks and can be particularly useful for situations where traditional VPNs are impractical or forbidden.
32. File Tunnel
File Tunnel is a free and open-source app that allows you to Tunnel TCP connections through a file.
33. PowerTunnel for Android
PowerTunnel is a free and open-source simple, scalable, cross-platform and effective solution against government censorship for Android.
34. PowerTunnel
PowerTunnel is an extensible proxy server built on top of LittleProxy.
PowerTunnel provides an SDK that allows you to extend its functionality however you like, and even handle encrypted HTTPS traffic (powered by LittleProxy-MITM), which can be especially useful in web development. PowerTunnel has an Android version, so any plugin you write can work on almost all devices.
PowerTunnel was originally developed and is best known as a censorship bypass tool. This functionality has been spun off in the LibertyTunnel plugin which is installed by default, just like DNS Resolver with DNS over HTTPS support.
35. Go HTTP tunnel
Go HTTP tunnel is a reverse tunnel based on HTTP/2. It enables you to share your localhost when you don't have a public IP.
Common use cases:
- Hosting a game server from home
- Developing webhook integrations
- Managing IoT devices
Features
- HTTP proxy with basic authentication
- TCP proxy
- SNI vhost proxy
- Client auto reconnect
- Client management and eviction
- Easy to use CLI