Client Update v0.9.11

Published at April 17, 2020 ·  3 min read

This update includes several new features that will make using the Packetriot client easier and broader the use-cases it can support. We’ve also made some small updates on existing features too.

Find the updates on our downloads page. Use docker pull packetriot/pktriot:0.9.10 to grab our latest x84-64 container image.

New Features

Instant TCP Forwarding

Instant TCP Forwarding is identical to the Instant HTTP service available using the http command with the client. Instant TCP can be used by using the tcp command and specifing an argument that functions as the port to forward to. is the default host.

Here is a quick example of us forwarding traffic to our local SSH server:

[user@host ] pktriot tcp 22
Allocated port 22198 to forward traffic


Connecting to

Running TCP services:
| Port    | Destination   | Dest Port   |
| 22198   |     | 22          |

You’ll notice that a TCP port was reserved at first, this is because there were no previous ports allocated earlier to the tunnel. The port will remain reserved after this command ends and can be used for persistent TCP forwarding rules if wanted.

tcp will reuse any available reserved TCP ports, it typically chooses the first one.

Local Hosting

For many Packetriot users they use the service to expose a server on a local or private network to the Internet, however, they also have clients on their LAN that want to access the services behind a Packetriot tunnel.

Currently, that traffic would leave the LAN, hit the Packetriot server, travel down a tunnel back in the LAN and then access the service. This is makes no sense.

To prevent this we added a new flag to the start command named --listen. WIth the --listen flag you can specify HTTP and HTTPS listening ports. The Packetriot will listen on these ports and proxy traffic to the upstream services as it normally does behind a tunnel.

Here is a small example of it in action:

[user@host ] pktriot start --listen 80:443
Local server listening on http:80, https:443

Connecting to


We’re listening to the default HTTP and HTTPS port. The value passed to --listen uses this format: <http-port>:<https-port>. You can also specify one of the ports if desired --listen :443 or --listen 80:. You use any ports you’d like with this flag.

In our Debian and RPM packages we now run

setcap 'cap_net_bind_service=+ep' /usr/bin/pktriot

to enable the client to serve on privileged ports for non-admin users. When using our archives (tar.gz) you will need to do this manually.

There is one thing we’re glossing over in this example and that’s DNS. You will need to administer DNS on your LAN to make this work.

That can be done very simply by adding entries to your /etc/hosts file on Linux or Unix systems. For Windows you can add custom entries here C:\Windows\System32\drivers\etc.

For a small number of hosts on your LAN this would work but if you want this to work automatically you may want to setup a local DNS server and change your routers’ DNS settings to point it.

Check out docs for more information and reach out with any questions.


We updated our Instant HTTP command http to serve local directories without requiring input a port argument. Here’s an example:

[user@host] pktriot http --webroot $PWD/Public


Running HTTP services:
| Domain                          | Destination   | HTTP   | TLS   | Secure   | Protect   | Site Root             |
|  |               | 0      | 0     | true     |           | /home/user/Public     |

This command will work in combination with port HTTP proxying and serving static assets from a local path. You must specify at least a port or a webroot.