Install and configure the Fogbow Reverse Tunnel

The reverse tunneling service provides public IP access to virtual machines created in the private cloud, when the local cloud offers only private IPs to these virtual machines. The Fogbow Reverse Tunnel is distributed in two forms: as source code, or as a binary package for debian-based distributions. Choose the best distribution for your system, download it and install it as follows.


# If not installed previously
apt-get install maven
# If not installed previously
apt-get install openjdk-7-jdk

Install from source

To get the lastest stable version of the component, download it from our repository:


Then, decompress it:


Now, install it with Maven:

cd fogbow-reverse-tunnel-master
mvn install -Dmaven.test.skip=true

Install from debian package

Download a stable version from our package repository and install it with dpkg:

dpkg -i fogbow-reverse-tunnel_$version.deb


After the installation, rename the file reverse-tunnel.conf.example to reverse-tunnel.conf and, if necessary, edit its contents. Below we list the default values:


The http_port property defines the port used to run the HTTP service of the Reverse Tunnel. This service handles requests to create and get tunneled ports. This port must be accessible by the Fogbow Manager and by the virtual machines, created by the Fogbow Manager.

The reverse tunnel service employs multiple tunnel servers to balance the service load. This service allocates one port to each of these servers. The tunnel_port_range property defines the range of servers' ports. This range of ports must be accessible by the Fogbow Manager and by the virtual machines, created by the Fogbow Manager.

The ports_per_ssh_server property defines the number of ssh ports to be allocated in each server.

The external_port_range property defines the range of public tunneled ports. The ports within this range must be accessible from external networks.

The host_key_path property defines the path to ssh key to be generated by the SSH Server. Setting the key path is important to have the SSH Server using the same key after restarting. The host key is used to make sure that the server is always the same when establishing new connections.

The idle_token_timeout property defines the expiration time of a tunnel port token. A token is associated with tunneled port each tunneled. The token expires if it is not used for the past idle_token_timeout seconds. After expiration, the port is reclaimed and can be used by another request.

The check_ssh_servers_interval property defines the period interval in seconds to verify token expirations.

Configure LOG

Rename the file to and edit it according your necessity.

# Root logger option
log4j.rootLogger=DEBUG, file

# Direct log messages to a log file
# log path
log4j.appender.file.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n

# Different log levels for restlet and http-client


To start the reverse tunnel server, run the start-tunnel-server script inside the root directory of the project.

bash start-tunnel-server