To the author, I wish you best of luck with this but be aware (if you aren't) this will attract all kind of bad and malicious users who want nothing more than a "clean" IP to funnel their badness through.

serveo.net [2] tried it 8 years ago, but when I wanted to use it I at some point I found it was no longer working, as I remember the author said there was too much abuse for him to maintain it as a free service

I ended up self-hosting sish https://docs.ssi.sh instead.

Even the the ones where you have to register like cloudflare tunnels and ngrok are full of malware, which is not a risk to you as a user but means they are often blocked.

Also a little rant, tailscale has their own one also called funnel. It has the benefit of being end-to-end encrypted (in theory) but the downside that you are announcing your service to the world through the certificate transparency logs. So your little dev project will have bots hammering on it (and trying to take your .git folder) within seconds from you activating the funnel. So make sure your little project is ready for the internet with auth and has nothing sensitive at guessable paths.

[2] https://news.ycombinator.com/item?id=14842951

https://publicsuffix.org/

You should also consider grouping your random hostnames under a dedicated subdomain. e.g. "xxx-xxx-xxx.users.tunnl.gg", that separates out cookies and suchlike.

https://tunnl.gg/assets/index-Bjpn0hFX.js

If the requesting party knows it's possible they might ask for traffic to be logged

   > tailscale funnel 3000

   Available on the internet:

   https://some-device-name.tail12345.ts.net/
   |-- proxy http://127.0.0.1:3000

   Press Ctrl+C to exit.

For the second point, you might want to implement some kind of browser warning similar to what Ngrok does.

Any plan to make it oss?

https://github.com/desplega-ai/localtunnel-server

``` tunnl() { if [ -z "$1" ]; then echo "Usage: tunnl <local-port>" return 1 fi

  ssh -t -R 80:localhost:"$1" proxy.tunnl.gg

There's also https://tunnelmole.com but requires binary or npm install

Only regular SSH to serve, regular SSH to connect. No public URLs though (it's not for web services).

What it does:

- Expose localhost to the internet (HTTP/TCP/WebSockets) - Zero signup – just works immediately - Free

Nothing groundbreaking, just scratching my own itch for a no-friction tunnel service. Written in Go.

Link: https://tunnl.gg

Happy to answer questions or hear how you'd improve it.

Not that you'd usually need this if you have IPv6 but might still be useful to bypass firewalls or forward access for IPv4 clients from your newer IPv6-only resources.

I can create any subdomain I want and tunnel the connexion to any port on my computer.

=> I can spinup a new subdomain in seconds, no data leakage, url that doesn't change, and it's cost nothing.

Also do you collect any data? Privacy says

> We do not collect, store, or sell your personal data.

But I guess personal data is a bit ambiguous. You're at the very least collecting my IP (which is fine, I'm just curious)

There's no SSHFP record (not that openssh uses it by default, and you'd need DNSSEC to make it actually useful), and no public keys documented anywhere to help people avoid MITM/TOFU events.

I get the UX, but it saddens me to see more SSH products that don't understand the SSH security model.