I've made ngrok completely open source and permissively licensed, I'd suggest using it rather than reinventing your own. Feel free to contact me about it.
I've got a 'Pi next to me now - which has open reverse ssh tunnels routing ports 25 and 465 from a DigitalOcean $5/month VPS to itself. (I'm working on getting Vagrant and Ansible set up so it can provison and configure inexpensive vpses and update dns MX records to suit on the fly…). The 'Pi lives behind my home NAT gateway - I can get to it's local network only port 443/ssl webmail if I vpn into my home network.
I see this as a persistent issue that seems to surface every few months. I think Google's fiber network permits running servers for 'non-commercial' use which is whole other can of worms entirely. Does anyone know of any sort of legal movement/petitioning going on currently to try and get ISPs to allow home servers?
Virtually all consumer-level ISPs in the US explicitly disallow running any sort of persistent listen server as part of their TOS (Terms of Service). The "right" they have to do it is that you agreed to the TOS at signup time.
There will be a tool that will help with dynamic DNS and port proxying for certain services (this may be against your ToS though). Or you will be able to use arkOS on a VPS too, if hosting at home is not a match for you.
^ is in the works