from Hacker News

Show HN: lambda-nat-proxy – Serverless proxy using Lambda and UDP NAT punching

by danvittegleo on 6/17/25, 7:01 PM with 11 comments

Revisited an old experiment of mine (https://github.com/dan-v/awslambdaproxy): can AWS Lambda functions work as network proxies? This time using UDP NAT hole punching + QUIC tunnels.

Client discovers public IP via STUN, writes session data to S3, which triggers a Lambda. Both endpoints punch UDP holes through their NATs, then establish a QUIC connection for encrypted traffic forwarding.

  • by pbnjay on 6/21/25, 6:13 PM

    Probably gets pretty costly if you’re running a lot of data through it. Now if you could implement a Tailscale DERP server in a lambda that would be pretty amazing: https://tailscale.com/kb/1232/derp-servers

  • by robcohen on 6/21/25, 8:25 PM

    Alternatively, you could make a Nix flake that can generate an immutable microVM image based on Solo5, running a MirageOS unikernel that implements NAT traversal with UDP hole punching and relay fallback. This image can be deployed to Fly.io as a lightweight, autoscaling Firecracker VM with per-second billing. It boots in milliseconds and costs far less than Lambda.

    Any reason to use lambda vs this cloud-agnostic approach? Maybe I am missing something. I guess per second vs per 100ms billing, but I can't imagine it ends up being cheaper with Lambda.

  • by shayonj on 6/21/25, 7:08 PM

    Very interesting concept. I’d love some cheap and “throw away” method of setting up tunnels with minimal onus on the exit nodes.

  • by danfritz on 6/21/25, 5:24 PM

    Looks cool but how much does it cost?