# rathole-org/rathole

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/rathole-org-rathole).**

12,845 stars · 693 forks · Rust · apache-2.0

## Links

- GitHub: https://github.com/rathole-org/rathole
- awesome-repositories: https://awesome-repositories.com/repository/rathole-org-rathole.md

## Topics

`firewall` `frp` `http` `nat` `network` `ngrok` `noise` `noise-protocol` `proxy` `rust` `tunnel`

## Description

Rathole is a reverse proxy tunneling tool designed to expose local services behind firewalls and network address translation to the public internet. It functions as a secure tunneling infrastructure that enables remote access to private network resources without requiring manual router port forwarding configurations.

The system utilizes a client-server architecture where a public-facing gateway coordinates with a private-network agent. It distinguishes itself by multiplexing multiple logical service connections through a single persistent TCP stream, which reduces the overhead of maintaining individual connections. To ensure security, the platform employs a dedicated control plane that manages service registration and verifies agent identity through token-based authentication before establishing any tunnels.

The software handles high-concurrency traffic by utilizing non-blocking input and output operations within an asynchronous event loop. Data transmission is optimized through zero-copy buffer forwarding, which relays packets between network endpoints using shared memory to minimize processing requirements.

## Tags

### DevOps & Infrastructure

- [Reverse Proxies](https://awesome-repositories.com/f/devops-infrastructure/reverse-proxies.md) — Functions as a reverse proxy that multiplexes multiple service connections over a single persistent TCP stream.
- [Self-Hosted Infrastructure Management](https://awesome-repositories.com/f/devops-infrastructure/deployment-management/self-hosted-infrastructure-management.md) — Facilitates the management of self-hosted services by securely exposing them to external users.

### Networking & Communication

- [Local Resource Exposure](https://awesome-repositories.com/f/networking-communication/local-resource-exposure.md) — Exposes private network services to the public internet via secure, encrypted tunnels. ([source](https://github.com/rathole-org/rathole/tree/main/docs/))
- [Service Tunnels](https://awesome-repositories.com/f/networking-communication/service-tunnels.md) — Provides a high-performance gateway for securely exposing local services to the public internet via TCP tunnels.
- [NAT Traversal Mechanisms](https://awesome-repositories.com/f/networking-communication/nat-traversal-mechanisms.md) — Enables access to services behind firewalls and NAT without requiring manual port forwarding configurations.
- [Connection Multiplexing](https://awesome-repositories.com/f/networking-communication/connection-multiplexing.md) — Bundles multiple logical service connections into a single persistent TCP stream to bypass network restrictions.
- [Secure Tunnels](https://awesome-repositories.com/f/networking-communication/secure-tunnels.md) — Establishes encrypted communication channels to connect private network resources with public internet users.
- [Event-Driven Networking](https://awesome-repositories.com/f/networking-communication/event-driven-networking.md) — Utilizes an event-driven networking model to handle concurrent traffic through non-blocking I/O.

### System Administration & Monitoring

- [Remote Access Tunnels](https://awesome-repositories.com/f/system-administration-monitoring/administrative-operations/linux-system-administration/networking/remote-access-tunnels.md) — Provides secure remote access to private servers by creating encrypted tunnels to public endpoints.

### Part of an Awesome List

- [DevOps & Infrastructure](https://awesome-repositories.com/f/awesome-lists/devops/devops-infrastructure.md) — High-performance reverse proxy for NAT traversal.

### Security & Cryptography

- [Token-Based Authentication](https://awesome-repositories.com/f/security-cryptography/token-based-authentication.md) — Secures tunnel establishment by requiring token-based authentication for all connecting agents.
- [Connection Authentication Mechanisms](https://awesome-repositories.com/f/security-cryptography/connection-authentication-mechanisms.md) — Validates incoming agent connections using token-based identity verification before allowing tunnel access.

### Software Engineering & Architecture

- [Control Planes](https://awesome-repositories.com/f/software-engineering-architecture/control-planes.md) — Coordinates service registration and connection handshakes between distributed gateway and agent nodes.