Bore - A Simple and Efficient Port Forwarding Tool for TCP Traffic

Bore - A Simple and Efficient Port Forwarding Tool for TCP Traffic

Bore is a lightweight and efficient tool designed to expose local ports to a remote server, bypassing standard NAT connection firewalls. It is an unopinionated, no-frills solution for forwarding TCP traffic.

Similar to tools like LocalTunnel and Ngrok, Bore stands out for its simplicity, ease of installation, and self-hosting capabilities. With just about 400 lines of safe, async Rust code, Bore is straightforward to set up and use.

Key Features

  • Expose local ports to the public internet.

  • Highly efficient and minimalistic design.

  • Easy to install and self-host.

  • Authentication support for secure deployments.

  • Works on macOS, Windows, and Linux.

Installation

Using Homebrew (macOS)

For macOS users, Bore is available as a Homebrew core formula:

brew install bore-cli

Prebuilt Binaries

Prebuilt binaries are available for macOS, Windows, and Linux. To install:

  1. Download the appropriate binary from the releases page.

  2. Unzip the file.

  3. Move the bore executable into a folder on your system’s PATH.

Using Cargo (Rust Package Manager)

If you have Rust installed, you can build Bore from source with:

cargo install bore-cli

Docker

Bore provides versioned Docker images for each release. These images are built for AMD 64-bit architecture:

docker run -it --init --rm --network host ekzhang/bore <ARGS>

Usage

Exposing a Local Port

To forward a local port to the public internet:

bore local <LOCAL_PORT> --to <REMOTE_SERVER>

For example:

bore local 8000 --to bore.pub

This exposes your local port localhost:8000 to the public internet at bore.pub:<PORT>, where <PORT> is assigned randomly.

Optional Parameters

  • Specify Remote Port: Use --port to select a specific remote port (if available).

bore local 8000 --to bore.pub --port 1234

  • Expose a Different Local Host: Use --local-host to expose a host other than localhost.

bore local 8000 --to bore.pub --local-host 192.168.1.100

Full Command Options

Usage: bore local [OPTIONS] --to <TO> <LOCAL_PORT>

Arguments:
  <LOCAL_PORT>            The local port to expose

Options:
  -l, --local-host <HOST> The local host to expose [default: localhost]
  -t, --to <TO>           Address of the remote server [env: BORE_SERVER=]
  -p, --port <PORT>       Optional remote port [default: 0]
  -s, --secret <SECRET>   Optional secret for authentication [env: BORE_SECRET]
  -h, --help              Print help information

Self-Hosting Bore

If you prefer not to use the public instance (bore.pub), you can self-host Bore on your own server. To start the Bore server:

bore server

Once running, update your client command with the server’s address:

bore local <LOCAL_PORT> --to <SERVER_ADDRESS>

Server Options

Usage: bore server [OPTIONS]

Options:
      --min-port <MIN_PORT> Minimum accepted TCP port number [default: 1024]
      --max-port <MAX_PORT> Maximum accepted TCP port number [default: 65535]
  -s, --secret <SECRET>     Optional secret for authentication [env: BORE_SECRET]
  -h, --help                Print help information

Authentication

For added security on custom deployments, Bore supports authentication using a shared secret. This prevents unauthorized access to your server.

1.Start the server with a secret:

bore server --secret my_secret_string

2.Connect from the client with the same secret:

bore local <LOCAL_PORT> --to <SERVER_ADDRESS> --secret my_secret_string

Alternatively, you can set the BORE_SECRET environment variable instead of passing the secret in commands.

How It Works

Bore operates using an implicit control port (default: 7835) for managing connections:

  1. The client sends a "Hello" message to the server on the control port.

  2. The server acknowledges and begins listening for external TCP connections.

  3. When an external connection arrives, the server generates a secure UUID and sends it back to the client.

  4. The client establishes a new TCP stream using this UUID.

  5. The server proxies traffic between the two connections.

To prevent memory leaks or stale connections, incoming connections are stored by the server for up to 10 seconds before being discarded if not accepted by the client.

Bore is an ideal choice if you're looking for a simple yet powerful tool to forward TCP traffic without unnecessary complexity. Whether using it publicly or self-hosting it securely with authentication, Bore delivers efficient and reliable performance in just a few commands! You can learn more and Download Bore in GitHub.

Upgrade Your Cybersecurity Skills EHA: Learn 150+ Practical Cyber Security Courses Online With Life Time Access - Enroll Here

 

Back to blog