Fast TCP/UDP forwarding,
managed from one place.
Run a lightweight client on each public-facing host, and manage every TCP/UDP rule from one server. Permissions, rate limits, metrics, and audit logs come built in — and your traffic flows through the client, never the server.
Rules, access, limits, metrics, audit.
Rules
Forward TCP or UDP — single ports or whole ranges, to IP or DNS targets. Route HTTPS to different backends by SNI hostname, without decrypting it.
Access
Grant each user only the clients, protocols, and port ranges they need. The server checks ownership before any rule goes live.
Limits
Cap bandwidth, new connections, and concurrent connections per rule or per user — plus monthly traffic quotas that cut off at the limit.
Visibility
Prometheus metrics, structured logs, an audit trail, embedded SQLite state, and built-in backup and restore.
One server manages many forwarding hosts.
Change rules on the server from the CLI, API, or Web UI. The server pushes signed rules over pinned TLS to the clients that hold your public ports. Your traffic flows through the client, not the server.
Benchmarks you can rerun yourself.
The report lists the test host, the exact commands, the raw results, and the caveats — run it again and compare.
Performance reportFour steps to live traffic.
- 01Generate a one-time enrollment command on the server.
- 02Run the client on the host that holds your public ports.
- 03Add forwarding rules from the CLI, HTTP API, or Web UI.
- 04Watch traffic, quotas, and rejected requests in real time.
Start with one forwarding rule.
One machine? Run standalone from a TOML file. Many machines? Add a server and clients — the same forwarding code underneath.