ISP put me behind NAT
fedilink

I’m connected via a 4G modem. Got this setup about 3 years ago. In the beginning it was enough to look for the public IP (what’s my IP). The modem showed some sort of private ip in the ui. I’m running stuff at home (Homeassistant, Gitea,) and bought a domain and pointed it to my home IP via Cloudflare. After some time I’ve noticed my modem shows the public IP also internally. For about 2 years now it ran flawlessly, the IP changed from time to time, but not really more than once in several weeks. For about a week all stopped working and the modem shows IP 100.xxxx and outside 85.something I guess I’m behind NAT now. Normal port forwarding on the modem is useless now. Is it possible to open the ports via UPNP? I’ve tried via miniupnp from my Ubuntu server, but it just throws an error.

upnpc -a ifconfig enp1s0| grep "inet addr" | cut -d : -f 2 | cut -d " " -f 1 22 22 TCP

Can I use this to somehow open the ports via UPNP on my modem and bypass the blocking? I can’t even OpenVPN to my modem anymore.

EDIT: i also run AdguardHome, that I use as Private DNS on my Android phone

UPDATE: everything except Adguard Home used as Private DND on my Android works! I’ve used this: https://github.com/mochman/Bypass_CGNAT/wiki/Oracle-Cloud-(Automatic-Installer-Script) - free Oracle VPS + automated well described script. Even HTTPS works fine!

@rufus@lemmy.sdf.org
link
fedilink
English
241Y

Have you reached out to your ISP to see if they can give you a dynamic public IP? I recently swapped to a new ISP that was using CGNAT but after contacting their support team with my use case, they were happy to set me up with a public IP so I could continue my self-hosting.

@nucleative@lemmy.world
link
fedilink
English
71Y

This. I had the same situation being put behind CGnat and told them my security webcam needs port forwarding from outside and they had me back to a public IP within minutes.

Nik282000
link
fedilink
English
11Y

ISPs in Canada usually include a clause in their TOS that explicitly prohibits selfhosting. Don’t move here, it sucks.

@nucleative@lemmy.world
link
fedilink
English
51Y

🫤 that does suck. Probably so they can charge more for a hosted package?

Nik282000
link
fedilink
English
21Y

It’s to push users into getting commercial accounts.

@tal@lemmy.today
link
fedilink
English
5
edit-2
1Y

I dunno. The IPv4 address space is getting pretty tight, and aside from rejiggering existing inefficient allocations, there’s not a lot you can do beyond NAT.

In the US, we had it pretty good for a long time, because we had a rather disproportionate chunk of the IPv4 address space – Ford, MIT, and Apple alone each had their own Class A netblock, about half a percent of the IPv4 address space each, for example.

But things have steadily gotten tighter as more and more of the world uses the Internet more and more.

https://whatismyipaddress.com/ipv6-ready

As expected, the ISPs are no longer receiving new allotments or allocations of public IPv4 addresses from the American Registry for Internet Numbers (ARIN). Some have managed to continue to provide new IPv4 addresses by reallocating some of the addresses they had been assigned in the past but perhaps had never passed on to customers. This buys them a little more time while they scramble to roll out and support IPv6 addresses.

Like, there’s real scarcity of the resource. It doesn’t require the scarcity to be artificially-induced.

My ISP used to let one get a /29 IPv4 block for residential users, though they stopped that years ago. Always have had a way to get publicly-facing IPv6 addresses, though.

End of the day, the real fix is to get the world on IPv6.

Nik282000
link
fedilink
English
11Y

IPv6.

Not even offered in my area 🤡

Caveman
link
fedilink
English
11Y

I don’t know Canada laws but does it only apply if you make money off it (or intend to). Self hosting Jellyfin server is basically just delayed uploading.

Nik282000
link
fedilink
English
11Y

Afaik it’s at the ISP’s digression. Up until I switched, Bell would block ports 21, 22, 53, 80 and 443.

Caveman
link
fedilink
English
21Y

That’s pretty nice compromise. 80 and 443 are the ones mainly used commercially

Nik282000
link
fedilink
English
11Y

It’s kinda shitty of them to block the ports that makes up +30 years of what the internet IS. Bell/Rogers want your internet connection to be unidirectional, when you host your own content you don’t consume theirs.

Caveman
link
fedilink
English
11Y

Yeah, not arguing that, it doesn’t cost them extra to allow those. Still, you can use 8080, 8989, 5000, 7878 etc, for plex, Jellyfin, nextcloud and so on.

You can even workaround it by using cloudflare functions that forward requests to your specific port, DNS it to cloudflare and run a commercial webapp out of your garage anyway.*

*Except if you want to honor whatever ToS they had you agree to.

Create a post

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.

Rules:

  1. Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

  • 1 user online
  • 191 users / day
  • 419 users / week
  • 1.14K users / month
  • 3.85K users / 6 months
  • 1 subscriber
  • 3.71K Posts
  • 74.6K Comments
  • Modlog