Web Application Nat Traversal

Question

We are deploying web applications in java using tomcat on client machines across the country.

Once they are installed, we want to allow a remote access to these web applications through a central server, but we do not want our clients to have to open ports on their routers.

Is there a way to tunnel the http traffic in a way that the central server can access the web application that is behind the firewall ?

The central server has a static ip address and we have full control over it.

We don't need to access the filesystem, we only want to access the web application itself through a browser.

Answer 1

Yes - but the question is very generic. Without knowing what OS you use / your clients use, its impossible to advise on what would work.

I'd suggest running ppp on top of ssh or stunnel if you've got POISX/BSD/Linux at both ends. Have a google for lots of examples.

C.

Answer 2

For NATs what you usually have to do is get the web applications to make a request to your central server - which opens a "hole" in the NAT. Then your central server can take over this connection and access the web app.

This essentially becomes a persistent connection (since they're now way to "summon" web apps on demand, they always have to be connected to you). That is, the web apps have logic built in to them that periodically says "am I connected to home base? No? Then phone home". This will get around NAT issues since it's client initiated.

This technique is used by Skype, Buildbot, and others.