ISP put me behind NAT

Kokesh@lemmy.world to Selfhosted@lemmy.world – 104 points –

I'm connected via a 4G modem. Got this setup about 3 years ago. In the beginning it was enough to look for the public IP (what's my IP). The modem showed some sort of private ip in the ui. I'm running stuff at home (Homeassistant, Gitea,) and bought a domain and pointed it to my home IP via Cloudflare. After some time I've noticed my modem shows the public IP also internally. For about 2 years now it ran flawlessly, the IP changed from time to time, but not really more than once in several weeks. For about a week all stopped working and the modem shows IP 100.xxxx and outside 85.something I guess I'm behind NAT now. Normal port forwarding on the modem is useless now. Is it possible to open the ports via UPNP? I've tried via miniupnp from my Ubuntu server, but it just throws an error.

upnpc -a ifconfig enp1s0| grep "inet addr" | cut -d : -f 2 | cut -d " " -f 1 22 22 TCP

Can I use this to somehow open the ports via UPNP on my modem and bypass the blocking? I can't even OpenVPN to my modem anymore.

EDIT: i also run AdguardHome, that I use as Private DNS on my Android phone

UPDATE: everything except Adguard Home used as Private DND on my Android works! I've used this: https://github.com/mochman/Bypass_CGNAT/wiki/Oracle-Cloud-(Automatic-Installer-Script) - free Oracle VPS + automated well described script. Even HTTPS works fine!

104

You are viewing a single comment

Have you reached out to your ISP to see if they can give you a dynamic public IP? I recently swapped to a new ISP that was using CGNAT but after contacting their support team with my use case, they were happy to set me up with a public IP so I could continue my self-hosting.

This. I had the same situation being put behind CGnat and told them my security webcam needs port forwarding from outside and they had me back to a public IP within minutes.

ISPs in Canada usually include a clause in their TOS that explicitly prohibits selfhosting. Don't move here, it sucks.

🫤 that does suck. Probably so they can charge more for a hosted package?

It's to push users into getting commercial accounts.

I dunno. The IPv4 address space is getting pretty tight, and aside from rejiggering existing inefficient allocations, there's not a lot you can do beyond NAT.

In the US, we had it pretty good for a long time, because we had a rather disproportionate chunk of the IPv4 address space -- Ford, MIT, and Apple alone each had their own Class A netblock, about half a percent of the IPv4 address space each, for example.

But things have steadily gotten tighter as more and more of the world uses the Internet more and more.

https://whatismyipaddress.com/ipv6-ready

As expected, the ISPs are no longer receiving new allotments or allocations of public IPv4 addresses from the American Registry for Internet Numbers (ARIN). Some have managed to continue to provide new IPv4 addresses by reallocating some of the addresses they had been assigned in the past but perhaps had never passed on to customers. This buys them a little more time while they scramble to roll out and support IPv6 addresses.

Like, there's real scarcity of the resource. It doesn't require the scarcity to be artificially-induced.

My ISP used to let one get a /29 IPv4 block for residential users, though they stopped that years ago. Always have had a way to get publicly-facing IPv6 addresses, though.

End of the day, the real fix is to get the world on IPv6.

IPv6.

Not even offered in my area 🤡

I don't know Canada laws but does it only apply if you make money off it (or intend to). Self hosting Jellyfin server is basically just delayed uploading.

Afaik it's at the ISP's digression. Up until I switched, Bell would block ports 21, 22, 53, 80 and 443.

That's pretty nice compromise. 80 and 443 are the ones mainly used commercially

It's kinda shitty of them to block the ports that makes up +30 years of what the internet IS. Bell/Rogers want your internet connection to be unidirectional, when you host your own content you don't consume theirs.

Yeah, not arguing that, it doesn't cost them extra to allow those. Still, you can use 8080, 8989, 5000, 7878 etc, for plex, Jellyfin, nextcloud and so on.

You can even workaround it by using cloudflare functions that forward requests to your specific port, DNS it to cloudflare and run a commercial webapp out of your garage anyway.*

*Except if you want to honor whatever ToS they had you agree to.