Remote access guide

What is a reverse tunnel?

A reverse tunnel lets a machine behind a router or firewall make an outbound connection first, then reuse that path so outside users can reach a local service without opening inbound ports.

Outbound firstThe protected machine initiates the connection instead of waiting for strangers to connect inward.
Public endpointA reachable server receives outside traffic and forwards it through the established tunnel.
Useful behind NATThis helps when routers, firewalls, or CGNAT make normal inbound access impractical.

How a reverse tunnel works

  1. Local client connects outA client on the private network opens a secure connection to a public relay.
  2. The relay exposes an endpointUsers visit a public hostname or connect to a stable relay address.
  3. Traffic rides back through the tunnelThe relay forwards approved requests over the already-open outbound path.

When it is useful

  • You cannot change the router.
  • Your ISP uses CGNAT.
  • You need a public webhook or preview URL for a local app.
  • You want a narrower alternative to exposing a whole network.

Reverse tunnel vs Dynamic DNS

Dynamic DNS solves a changing public IP address. A reverse tunnel solves the harder case where a hostname is not enough because inbound access itself is blocked or unavailable.

Need the tunnel path instead of the hostname path?

DNSExit Public Tunnel is being built for browser-based workflows where a reverse tunnel is the simpler answer than port forwarding.

Explore Public Tunnel Compare with Dynamic DNS
Explore by goal

Keep moving with the guide that matches the problem.

Keep remote access working Start with Dynamic DNS when your public IP changes. Fix email delivery Separate outbound sending issues from inbound mail problems. Automate DNS and SSL Use API-driven DNS updates and validation workflows. Compare service options Choose the right email setup before you commit.
;