Port forwarding and tunneling in Chrome OS

Warning: This document is old & has moved. Please update any links:
https://chromium.googlesource.com/chromiumos/docs/+/HEAD/security/port_forwarding.md

localhost to Crostini

Chrome OS will forward ports from localhost into Crostini. This allows developers to use Chrome to access their development environment inside Crostini.

cicerone will ask chunnel to tunnel all ports listening in the Crostini container, except:

  • Privileged ports (<1024), since chunnel lacks CAP_NET_BIND_SERVICE.
  • 2222 (SFTP for the Chrome OS Files app) and 5355 (mDNS), which are blocked.

Moreover, tunneled ports are locked down to reject traffic from non-chronos UIDs.
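
The exclusion rules above, applied to a container's listening sockets, as an added example (not code from cicerone, chunnel or the Chrome OS project). It assumes TCP listeners are read from text in /proc/net/tcp layout; the sample table and the function names are constructed for illustration.

```python
import sys
from pathlib import Path

# Ports the page lists as blocked, with the reason it gives for each.
BLOCKED = {2222: "SFTP for the Chrome OS Files app", 5355: "mDNS"}
TCP_LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout: four listeners (80, 8080,
# 2222, 5355) and one established connection that must be ignored.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1002
   2: 00000000:08AE 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 00000000:14EB 00000000:0000 0A 00000000:00000000 00:00000000 00000000   101        0 1004
   4: 0100007F:1F90 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 1005
"""

def listening_ports(proc_net_tcp):
    """Return the set of local TCP ports in LISTEN state."""
    ports = set()
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        # local_address is HEXADDR:HEXPORT; the port is after the last colon
        ports.add(int(fields[1].rsplit(":", 1)[1], 16))
    return ports

def classify(port):
    """Apply the two exclusions from the list above to one port.
    The chronos-only UID restriction on tunneled ports is not modelled."""
    if port < 1024:
        return "not tunneled: privileged port, chunnel lacks CAP_NET_BIND_SERVICE"
    if port in BLOCKED:
        return "not tunneled: blocked (%s)" % BLOCKED[port]
    return "tunneled"

def forwarding_report(proc_net_tcp):
    """Map each listening port, in ascending order, to its verdict."""
    return {p: classify(p) for p in sorted(listening_ports(proc_net_tcp))}

if __name__ == "__main__":
    # Pass a path such as /proc/net/tcp to check real listeners.
    text = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE
    for port, verdict in forwarding_report(text).items():
        print("%5d  %s" % (port, verdict))
```

A service that is unreachable from Chrome at localhost while listening inside the container will show up here with the exclusion that applies to it.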