A reverse tunnel inverts the normal direction of network setup. Instead of waiting for inbound connections (which firewalls and NAT block), a process on the private server dials outbound to a public relay. The relay accepts inbound HTTP from the internet and ships those bytes back through the open outbound connection. From the public internet's perspective, your localhost is now reachable at a public URL.
Reverse tunnels are how services like ngrok and lrok work. The agent runs on your laptop, holds a long-lived connection to the relay, and proxies requests in real time. They're the right tool for webhook testing, OAuth-callback dev, and one-off "share my localhost" workflows.
Distinct from a forward tunnel (e.g. a VPN), where you initiate outbound to reach a private resource. Reverse means the private side initiates so a public resource can reach IT.