Layer 4 proxy utilizing WebRTC which enables port-forwarding without using dedicated IP and port.
- access self-hosted services deployed on your home from any network connected to Internet.
- quick sharing of services being developed in your laptop to peer developers on another network.
- securely expose control plane service to data plane services on another data center or DMZ.
- ...
The binary are distributed as a single executable which are available from the release page and as Docker image which can be downloaded from the package page.
./aetherport --helpdocker run --rm ghcr.io/telkomindonesia/aetherport --help-
On the sender side which will run an egress proxy, run:
aetherport --forward 0.0.0.0:80:0.0.0.0:8080`This will forward connection to
0.0.0.0:80on the sender side to0.0.0.0:8080on the receiver site. -
aetherportwill display an 'offer' text that should be copied to the receiver. -
On the receiver side which will run an ingress proxy,
aetherport --allow 0.0.0.0:8080
This will allow connection to be forwarded to `0.0.0.0:8080.
-
Copy paste the 'offer' text displayed in step 2 to the prompt on receiver side and press
<enter>. -
aetherportwill display an 'answer' text that should be copied to the sender. -
Copy paste 'anwer' text displayed in step 5 to the prompt on sender side and press
<enter>.
At the end, a connection will be established that will forward any traffic received on 0.0.0.0:80 on the sender side to 0.0.0.0:8080 on the receiver side.
-
Run the aetherlight signaling server on machine reachable by all participating node. The server will be listening on
http://0.0.0.0:8080by default../aetherport signal
-
Generate certificate for each node.
./aetherport cert generate --name node1 ./aetherport cert generate --name node2 ...
-
Distribute the node private key, certificate, and ca-certificate file to each node.
-
On the node that will run an ingress proxy (for example to expose a service in 0.0.0.0:80), run the following:
./aetherport \ --key '<path to key file>' \ --cert '<path to certificate file>' \ --cacert '<path to ca certificate file>' \ --allow '0.0.0.0:80' \ --signal-type 'aetherlight' \ --aetherlight-base-url '<base url where aetherlight is available, e.g. http://0.0.0.0:8080>'Note the url that will be echoed in the terminal. The url will be used on any node that will connect to this node.
-
On the node that will run the egress proxy and try to connect to node above, run:
./aetherport \ --key '<path to key file>' \ --cert '<path to certificate file>' \ --cacert '<path to ca certificate file>' \ --forward '0.0.0.0:80800.0.0.0:80' \ --signal-type 'aetherlight' \ --aetherlight-ingress-url '<base url where aetherlight is available, e.g. http://0.0.0.0:8080>/ingresses/<ingress ID from the previous command>'
Note that a node can run the aetherport command to act both as ingress or egress proxy at the same time.
- UDP forwarding.
- TCP to stdio forwarding.
- Socks5 proxy on the sender side.
- Equal or better performance with ssh port forwarding.
- Fine-grained access control on the receiver side.
- Application protocol filter (e.g. HTTP).