2

I unsuccessfully tried to access my system from the internet by registering Dynamic DNS in No-IP, port-forwarding in my TP-Link router, etc. You can find more info here.

But without any of those headaches I could reach the Apache httpd running on my system with ngrok by using a single command:

ngrok http http://localhost:8080

And I can access that with the URL below (the URL may not work if I stop the terminal session, but again I can get a new URL by running the same command).

https://ce41-103-228-222-115.ngrok-free.app

Now, what I don't understand is: even with all the necessary port-forwarding, a dynamic public IP and Dynamic DNS, I couldn't reach my system, so how did ngrok achieve that without any of them?

Can someone with a strong understanding of networking help me understand this?

Thank you.

learner

1 Answer

3

Ngrok doesn't reach your system – your system is the one reaching out to Ngrok.

Although NAT (both your router's and your ISP's) generally prevents you from receiving new connections inbound, it keeps track of every outbound connection so that reply packets belonging to an active connection can still be routed in (which is e.g. how you're still able to receive HTTP responses or SSH to external servers).

So the ngrok "agent" program keeps a persistent outbound connection to one of Ngrok's relay servers, and as long as that TCP connection is open, the relay server can send data over it.

The same principle applies to SSH -R tunnels (indeed Ngrok also has an SSH frontend where you can ssh ngrok -R ... to set up a tunnel without using the dedicated program), as well as all VPN connections – at least as long as the VPN client is configured to periodically poke the server so that the NAT gateways won't forget the connection.

grawity
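The mechanism described in the answer above, as an added example that is not part of the original post: a loopback simulation in which the "agent" only ever dials out and the "relay" pushes a visitor's request down that already-open connection. The function names and the one-line request framing are assumptions made for the demo, not Ngrok's actual protocol.

```python
import socket
import threading

HOST = "127.0.0.1"  # everything runs on loopback; the three roles are simulated

def listen():  # listening socket on an ephemeral port -> (socket, port)
    s = socket.create_server((HOST, 0))
    return s, s.getsockname()[1]

def web_server(lsock):
    """Stand-in for the httpd behind NAT: answers one line-based request."""
    conn, _ = lsock.accept()
    with conn, conn.makefile("rwb") as f:
        f.write(b"reply to " + f.readline()); f.flush()

def relay(agent_lsock, public_lsock):
    """Public relay: the only role that accepts connections from outside."""
    tunnel, _ = agent_lsock.accept()      # connection was initiated by the agent
    visitor, _ = public_lsock.accept()    # a visitor hits the public URL
    with tunnel, visitor, tunnel.makefile("rwb") as t, visitor.makefile("rwb") as v:
        t.write(v.readline()); t.flush()  # request goes down the open tunnel
        v.write(t.readline()); v.flush()  # agent's answer goes back to the visitor

def agent(relay_port, web_port):
    """Agent behind NAT: only ever dials out, never listens."""
    with socket.create_connection((HOST, relay_port)) as tunnel, tunnel.makefile("rwb") as t:
        request = t.readline()            # arrives on our own outbound connection
        with socket.create_connection((HOST, web_port)) as web, web.makefile("rwb") as w:
            w.write(request); w.flush()
            t.write(w.readline()); t.flush()

def demo():
    (web_l, web_port), (agent_l, agent_port), (public_l, public_port) = \
        listen(), listen(), listen()
    workers = [threading.Thread(target=web_server, args=(web_l,)),
               threading.Thread(target=relay, args=(agent_l, public_l)),
               threading.Thread(target=agent, args=(agent_port, web_port))]
    for w in workers:
        w.start()
    with socket.create_connection((HOST, public_port)) as visitor, visitor.makefile("rwb") as v:
        v.write(b"GET /\n"); v.flush()
        answer = v.readline()
    for w in workers:
        w.join()
    for s in (web_l, agent_l, public_l):
        s.close()
    return answer

if __name__ == "__main__":
    print(demo())
```

The visitor never connects to the agent or to the web server; the request reaches them only as data on the TCP connection the agent opened itself, which is the traffic a NAT gateway already allows back in.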