this post was submitted on 11 Nov 2023
103 points (92.6% liked)

Selfhosted

39950 readers
739 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
103
ISP put me behind NAT (lemmy.world)
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
107 comments fedilink hide all child comments
 

I'm connected via a 4G modem. Got this setup about 3 years ago. In the beginning it was enough to look for the public IP (what's my IP). The modem showed some sort of private ip in the ui. I'm running stuff at home (Homeassistant, Gitea,) and bought a domain and pointed it to my home IP via Cloudflare. After some time I've noticed my modem shows the public IP also internally. For about 2 years now it ran flawlessly, the IP changed from time to time, but not really more than once in several weeks. For about a week all stopped working and the modem shows IP 100.xxxx and outside 85.something I guess I'm behind NAT now. Normal port forwarding on the modem is useless now. Is it possible to open the ports via UPNP? I've tried via miniupnp from my Ubuntu server, but it just throws an error.

upnpc -a ifconfig enp1s0| grep "inet addr" | cut -d : -f 2 | cut -d " " -f 1 22 22 TCP

Can I use this to somehow open the ports via UPNP on my modem and bypass the blocking? I can't even OpenVPN to my modem anymore.

EDIT: i also run AdguardHome, that I use as Private DNS on my Android phone

UPDATE: everything except Adguard Home used as Private DND on my Android works! I've used this: https://github.com/mochman/Bypass_CGNAT/wiki/Oracle-Cloud-(Automatic-Installer-Script) - free Oracle VPS + automated well described script. Even HTTPS works fine!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 24 points 1 year ago (9 children)

A solid workaround is an ssh reverse tunnel with gateway ports enabled. You can do it for pennies with a cheap VPS.

With this option you open an ssh tunnel outbound and then you can connect back through it from the other side for whatever local services you want to run.

You first need a VPS with a public IP. Here's a guide that explains it: https://www.howtogeek.com/428413/what-is-reverse-ssh-tunneling-and-how-to-use-it/

Just remember to enable gateway ports in the VPS side sshd.conf and disable or adjust any firewall on the VPS so the internet can come in through the VPS ip address and tunnel back to your local system.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (6 children)

While I use ssh tunneling to access systems on a temporary basis, usually http, some caveats:

  • I don't know of a daemon to set up locally that will re-establish tunnels on power loss and the like. Not technically-difficult, but something one probably wants if this is going to be how he's gonna get at the system long-term rather than "I just need one-off access".

  • One other downside -- the service that the user here is aiming to expose is apparently ssh. For me -- reaching an http server -- wrapping the connection for remote use is desirable. For him, it probably isn't, as there'll be two layers of encryption. Not the end of the world, but it's a hit. You do want encryption in the outer protocol at least insofar as you need it to protect authentication to the VPS anyway.

[–] [email protected] 2 points 1 year ago (1 children)

I need more ports to be exposed - I'm running secure DNS, Git on one port, Webmin on other, Jelllyfin (I can live without that on data), HTTP server on 800/443, Homeassistant 8123,... I also had 3389 open for remote desktop to my Windows machine, etc.

[–] [email protected] 1 points 11 months ago

You can reduce some of those ports by using a reverse proxy. Do that you can access git home assistant etc from 443 with a subhuman.

load more comments (4 replies)
load more comments (6 replies)