How Does The Live Link Feature Bypass My Firewall?

This should be a FAQ - suggest adding it to the FAQ forum.

How does the Live Link feature bypass my local firewall?

Do you have any technical guides describing this feature’s design? If not, could it be explained here?

I have a pfSense firewall at my boundary gateway protecting my internal network. It is configured to reject all incoming connections and UPNP is disabled, and yet, I can still access a Local installed and hosted website inside my internal network from the public Internet i.e. bypassing my firewall.

How is this achieved?

Regards,
David.

Thanks for your question, David.

Local uses a reverse tunnel similar to ngrok or Cloudflare Tunnel based on a modified version of localtunnel.

It’s able to work with your firewall because the connection is initiated from within your network: when you start a Live Link in Local, it establishes a connection with Local’s tunnel server (which won’t be blocked by pfSense), and that connection is kept open until it times out or you stop the Live Link.

When someone accesses your Live Link URL, they’re connecting to Local’s tunnel server first, not to your network directly. Local’s tunnel server then forwards the request through the already-open connection. Your Local app then receives the request and sends the response back through the tunnel.

Although this might be seen as “bypassing” your firewall in some sense, visitors are only able to connect to your specific Local WordPress instance, and only when you’ve activated your Live Link and shared the connection details with them. It’s also an optional feature that’s off by default — some people push to staging servers to share sites with their clients and colleagues instead.

1 Like