PSA: if you want to provide remote access to a local service, but don't want the potentially-terrifying security implications, use Tor Authenticated Onion Services (AKA "HiddenServiceAuthorizeClient" [0]).
On a machine on the LAN, install Tor and set up an authenticated onion service, and point it to the desired endpoint. In order to access the service, clients need a manually-loaded encryption key (and Tor, of course). Without this key, nobody will be able even to discover your endpoint, let alone actually connect to it.
On a machine on the LAN, install Tor and set up an authenticated onion service, and point it to the desired endpoint. In order to access the service, clients need a manually-loaded encryption key (and Tor, of course). Without this key, nobody will be able even to discover your endpoint, let alone actually connect to it.
[0]: https://gitweb.torproject.org/torspec.git/tree/rend-spec.txt