Service exposure
From Gentoo Wiki
This article introduces several ways to expose local services to devices on other networks.
Rationale
Each device on the internet has a unique IPv4 address. Because IPv4 addresses can only address a maximum of about 4.4 billion devices, some internet service providers (ISPs) place NAT gateways between their customers' devices and the internet, in order to hide multiple devices behind one IPv4 address. In some cases, these NAT gateways run firewalls that prevent outside devices from establishing connections with devices on the ISPs' networks.[1]
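Before ISPs placed NAT gateways in front of their customers, enabling port forwarding was all that was needed to expose a service to the internet. Behind an ISP's NAT gateway, this is no longer a solution, because the customer cannot configure forwarding on a gateway that the ISP controls.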
Available software and articles
Name | Package | Homepage | Description |
---|---|---|---|
Tailscale | net-vpn/tailscale | https://tailscale.com/ | A VPN. Offers a free plan with no bandwidth restrictions; no private server needed. Offers fast speeds across all but the most complex network boundaries. Can expose one service per device to the entire internet. |
ZeroTier | net-misc/zerotier | https://www.zerotier.com/ | Similar to Tailscale. No option to expose services to the internet. |
WireGuard | net-vpn/wireguard-tools | https://wireguard.com/ | Self-hosted; a private server is needed. Offers fast speeds, with no traffic flowing through the private server in some cases. |
External resources
- SSH tunneling — using a server on the internet to relay encrypted traffic.
- How NAT traversal works — explains different NAT setups and how Tailscale bypasses them.