Traversing NAT, customers self hosted web app and cloud server

We have an app that runs on the customers LAN on their own hardware. I want to give them the ability to login to the xojo web app without them relying on port forwarding. Can I setup a man in the middle server to connect them through the firewall?

Xojo Web App Behind Firewall <—> My Server with Open Ports <—> Customers iPhone/Laptop

What’s the simplest way to achieve this?


I don’t think this can be done without port forwarding. Any server on the same LAN will have the same problem with the firewall that the app has.

I and others have tried hard to set this up. The missing element appears to be the ability to hand off the port at the man-in-the-middle…

In my case, and others I am sure, that is the only thing that is really missing. Without it, can’t be done… But, if you figure out a way to get around that, please let us know!

take a look at ngrok ( It does what you’re thinking about but I’m not it will be in a way that’s useful to you

If the app is for internal use, You could also look into a free service like ZeroTier. It lets you create a virtual private network with nodes anywhere in the world, including behind firewalls and mobile devices.

ngrok is not good for Xojo as it’s has very limited connections and Xojo web apps are pretty chatty. Try or

Best if we could just create our own…

[quote=397904:@Tim Seyfarth]Best if we could just create our own…
Build a Xojo wrapper for this?

Thanks everyone, These are feasible solutions and very helpful.

For a small web app used in a non profit context, I do something similar. In order to enable clients to connect easily, I use a reverse DNS service. Users go to the address https://myreversednsaddress:myoutsideport. I have port forwarding setup on my firewall such that “myoutsideport” is transferred to the right internal server and the right port, that my web app is listening to.

It works very well with a variety of clients ranging from telephones to computers.

There are several reverse dns providers. I use DynDNS.