Me vs my ISP

theblueredditrefugee@lemmy.dbzer0.com to Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ@lemmy.dbzer0.com – 348 points –

So I was looking into getting port forwarding set up and I realized just how closed-off the internet has gotten since the early days. It's concerning. It used to be you would buy your own router and connect it to the internet, and that router would control port-forwarding and what-have-you.

Now, your ISP provides your router, which runs their firmware, which (in my case) doesn't even have the option to enable port forwarding.

It gets worse - because ISPs are choosing NATs over IPv6, so even if you install a custom firmware on your router without it getting blacklisted by your ISP, you still can't expose your server to the internet because the NAT refuses to forward traffic your way. They even devise special NAT schemes like symmetric NAT to thwart hole punching.

Basically this all means that I have to purchase my web hosting separately. Or relay all the traffic through an unnecessary third party, introducing a point of failure.

It's frustrating.

I like to control my stuff. I don't like to depend on other people or be in a position where I have to trust someone not to fuck with my shit. Like, if the only thing outside my apartment that mattered to my website was a DNS record, I'd be really happy with that.

Edit: TIL ISPs in the US don't have NATs

Edit 2: OMG so much advice. My knowledge about computers is SO clearly outdated, I have a lot of things to read up on.

Edit 3: There's definitely a CGNAT involved since the WAN IP in the router config is not the same as the one I get when I use a website that echoes my IP address. Far as I can tell my devices don't get unique IPv6 addresses either. (funnily enough, if I check my IP address on my phone using roaming data, there's no IPv6 address at all). It's a router/modem combo, at least I think since there's only one device in my apartment (maybe there's a modem managing the whole complex or something?). And it doesn't have a bridge mode, except for OTT. Might try plugging my own router into it, but it feels like a waste of time and money from what I'm seeing. Probably best to just host services over a VPN or smth.

Edit 4: Devices do get unique IPv6 addresses, but it's moot since I can't do anything but ping them. I guess it wouldn't be port forwarding but something else that I would have to do that my router doesn't support
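The comparison described in Edits 3 and 4 above, written out as an added example (it is not part of the original post): it classifies the router's WAN address against the address an echo service reports, and separates global IPv6 addresses from local-only ones. The function names are hypothetical and every sample address is constructed from documentation ranges.

```python
import ipaddress

# RFC 6598 shared address space, set aside for carrier-grade NAT.
CGNAT_SHARED = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: a WAN address here means another NAT sits upstream.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ULA = ipaddress.ip_network("fc00::/7")             # unique local, not routed
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # globally routable space


def classify_ipv4_path(router_wan, echoed):
    """Compare the WAN address shown in the router UI with the address
    an external echo service sees for the same connection."""
    wan = ipaddress.IPv4Address(router_wan)
    seen = ipaddress.IPv4Address(echoed)
    if wan in CGNAT_SHARED:
        return "cgnat-shared-space"
    if any(wan in net for net in RFC1918):
        return "private-wan"
    if wan != seen:
        # Public-looking WAN address, but something upstream rewrites it.
        return "upstream-nat"
    return "public"


def classify_ipv6(addr):
    """Classify one device address; a zone suffix such as %eth0 is dropped."""
    ip = ipaddress.IPv6Address(addr.split("%")[0])
    if ip.is_link_local:
        return "link-local"
    if ip in ULA:
        return "unique-local"
    if ip in GLOBAL_UNICAST:
        return "global-unicast"
    return "other"


def assess(router_wan, echoed, device_v6):
    """Summarise which inbound path is worth pursuing."""
    v4 = classify_ipv4_path(router_wan, echoed)
    v6_global = [a for a in device_v6 if classify_ipv6(a) == "global-unicast"]
    return {
        "ipv4_path": v4,
        # A port forward on the home router only helps if no NAT sits upstream.
        "ipv4_port_forward_can_work": v4 == "public",
        "ipv6_global": v6_global,
        # With a global address there is no translation to undo; inbound TCP
        # is then typically dropped by the router's IPv6 firewall, so what is
        # needed is an allow rule for that host and port, not a port forward.
        "ipv6_needs_firewall_rule": bool(v6_global),
    }


if __name__ == "__main__":
    # Constructed sample: WAN in shared space, one link-local and one
    # global address on the server.
    report = assess("100.72.13.5", "203.0.113.40",
                    ["fe80::1%eth0", "2001:db8:1::10"])
    for key, value in report.items():
        print(f"{key}: {value}")
```

A WAN address in 100.64.0.0/10 or a private range settles the IPv4 question without any external lookup; the echo-service comparison only matters when the WAN address looks public.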


In the US and I use my own personal modem and router. Renting their equipment is optional.

Same here. I get $10 off for using my own router. That's $120 off per year. A cheap router bought from a supermarket cost me $60. It works fine, the signal quality is only okay but my flat's pretty small anyway. Getting your own router is just a financially sensible option.

buying my own upper-midrange router still cost me less than renting from the ISP over a three year period

Not really with ATT fiber anymore. The fiber goes straight into their router to authenticate. There is no option for me to purchase an equivalent piece of equipment. I am forced to pay to use their equipment. Fuck ATT.

You can totally bypass ATT Fiber now with your own SFP+ xgs-pon, fiber terminated to your device, without needing to exfil certs or do anything other than clone the identifying info of the att router's label depending on the technology they're using in your area.

https://docs.google.com/document/d/1UIAgtxkImgFRwyaGDGtISD0JXnxWNvuuNDrnRac6wGc/edit#heading=h.f8l0utlsram6

Love that random google docs link instead of something like a tech blog.
Only a pastebin link could make it better.

I think the originator of it was on dslreports but I couldn't find the link on mobile. I'm sure if you can search on Google you could find a secondary source for some tech blog or medium about it if that makes you feel better. There's also a discord that covers most xgs-pon bypass methods that I could share too. They keep turning it to private at times for whatever reason.

Other links and info if you are being serious and not passive aggressive. ATT is quick with DMCA takedowns so that's probably why the info can be fleetingly available at times but dslreports seems to be pretty reliable/resistant to them.

https://www.dslreports.com/forum/r33665048-AT-T-Fiber-XGS-PON-SFP-Modules-for-AT-T-Fiber

https://hackaday.io/project/193110-bypassing-the-bgw-320-using-an-azores-cots-ont

https://forum.netgate.com/topic/99190/att-uverse-rg-bypass-0-2-btc/440

https://simeononsecurity.com/guides/bypassing-the-bgw320-att-fiber-modem-router/

Other links and info if you are being serious and not passive aggressive

This was just meant as a lighthearted joke. It's all fine :)

Nice, I'll have to try this soon. Last time I checked the process was way more complicated.

So I did something before and had to set it back up every week or so. Would this be a permanent solution? If so ima fuck around heavy with this today lol

Yeah the previous bypass used a certificate that you'd have to authenticate periodically via 802.1x. This new method does not have that requirement. Just need the specialized hardware for it, like that Azores d20 box or one of the SFP+ xgs-pon modules that you can program.

I've been using it without any intervention for a little over 8 months now. Even have my /29 static IP block allocated on it, while still being able to also use the DHCP address they give out. You get to use the whole /29 too without the att box stealing one of them as well.

Yeah, as soon as I read the second paragraph my thought was "buy your own router". Problem solved.

Not for Spectrum it isn't, unfortunately. You can use your own router but you have to use their modem.

Yes CGNAT is used quite a lot, but consider 95% of customers don't care what their public address is and that "saves" the carrier address space.

We are the 5% that do care and if you call your ISP they likely have an option to exclude you from cgn and get an actual public IP.

This. I have been with multiple ISPs that use CGNAT and all had a solution to allow you to self host, just need to contact them.

In France, with Free, you can get a real "full stack" IPv4 for free which is cool, I even cancelled my NO-IP subscription.

I am into tech/programming/devops, I make my own servers, but I would still prefer to be under CGNAT as I feel more safe. I wouldn't open any port or tunnel to my local home network, I wouldn't feel that safe. So for me, a CGNAT is perfect.

Yup. I'll open a port in a cheap VPS and tunnel my traffic over that rather than directly open ports on my router. If people here can trust Cloudflare they can use their tunnels too

Yeah, I would do that before exposing my router to public and opening ports, but for the tunnel I would use something like WireGuard into a virtual network at my home just to improve security. I'm not a fan of Cloudflare.

Whatever works. I prefer OpenVPN/Softether for their SSL VPN implementations, and am too lazy to be arsed to deal with stunnel and Wireguard. But if you're not as paranoid then Wireguard works perfectly fine

This is a friendly reminder that NAT is not a firewall and should not be treated as such.

Thank you.

Why are you saying that? I know it's not a firewall, I'm just saying it doesn't expose your router directly to internet, most of the routers also have firewall, and you can DMZ or port forward that you normally turn them on once you expose your router to public so bots or people can make direct requests to your router.

And there is nothing wrong with that. Both systems work for different people. I am on the I like a public address on my place camp, but I have worked where we did cgn for an apartment building and out of the 150 residences none asked for a public address. Saving us a /25 which we could sell to business customers for $5/m per /29

I have ports open (to receive backups from my other servers) but only to connections from specific ip addresses and only port 22 using a pub key (no password) I'd be hesitant to open port 80 to the public though.

Then again I've run a small public web server for well over a decade and never had any issues with hackers.

I’ve run a small public web server for well over a decade and never had any issues with hackers.

It's never late to get hacked or an attack or a problem with your ISP router firmware. I don't think that's an excuse.

receive backups from my other servers

You can simply do cronjob and scp user@server:/path/to/backup . to get things from server to your local network, I don't see the need to expose your router to the public. For a web server, there are cheap VPS providers for less than 5 dollars a month, and you save up energy, hardware, and improve safety at home.

Why use your ISPs router then? Just buy your own.

And a webserver is probably the safest thing to put online.

You can also put the server in a DMZ and/or use reverse proxies and a bunch of other stuff.

I already have my own router, even if a web server is safer, you are still exposing your IP which is what I don't want to do. DMZ doesn't solve anything, is just worse than setting up a port forward as you are opening all the ports to the server at home, your server at home has access to all your network so once infected by any 0-day exploit, you are fucked up.

I just hire online servers and I have my own Ansible playbooks to manage those servers, this way I don't provide my real IP (my home) to anyone.

as you are opening all the ports to the server at home, your server at home has access to all your network so once infected by any 0-day exploit, you are fucked up.

No, the entire point of a DMZ is to insulate a device from the rest of the network and you can (should) configure which ports that are forwarded to the DMZ, don't just forward everything. You can (should) also configure a bunch of other normal firewall rules for the DMZ.

Personally I don't consider "exposing" your home IP to be a big deal. It's just an IP.

https://en.wikipedia.org/wiki/DMZ_(computing)#DMZ_host -> By definition, this is not a true DMZ (demilitarized zone), since the router alone does not separate the host from the internal network.


Home routers aren't firewalls or something similar, they have some minimal logic that can act like a firewall, but they aren't. There is no need to expose your IP, there are many alternatives to do stuff without exposing it.

I'm of course referring to a real DMZ and not a DMZ host.

I won't call home routers "not firewalls", just bad firewalls. Surprisingly even Cisco firewalls support DMZ hosts. I have no idea why you would ever want to use that.

There is no need to expose your IP, there are many alternatives to do stuff without exposing it.

Maybe but why would it matter, especially enough to pay cloud bills?

I have a cheap VPS for my website but that is just because I'm behind a CGNAT and I won't bother to solve that.

I’m of course referring to a real DMZ and not a DMZ host.

Maybe but why would it matter, especially enough to pay cloud bills?

Because we are talking home-made stuff, we didn't talk about a real firewall or any infrastructure, and even doing that is much more expensive than the cheap VPS.

I have a cheap VPS for my website but that is just because I’m behind a CGNAT and I won’t bother to solve that.

Same, that's why I am saying there is no need to expose your IP, unnecessary risks.

Same, that's why I am saying there is no need to expose your IP, unnecessary risks.

You will learn much more with self hosting at home though. Which is arguably worth much more.

Same, that's why I am saying there is no need to expose your IP, unnecessary risks.

Why is it a risk?


What ISP do you have and what country are you in? I have Comcast in the US and do not have this issue even though they are a big and shitty ISP (I even use their modem, but I do have my own router which I HIGHLY suggest).

The older and shittier the ISP the more blocks of IPV4 addresses they have. They have blocks from when they were given out willy nilly.

New ISPs, the ones that compete and bring the prices down have to buy addresses and that costs money and is a cost bigger and older ISPs do not have.

This is a case for regulation - either mandating a move to V6 or mandating the release of stockpiled v4 addresses. ISPs will not do that on their own, the addresses can currently be sold for lots of money.

The US and other western countries don't really feel the pressure of IPv4 scarcity yet. ISPs in other countries typically use CGNAT or IPv6. Some even give you a routable IPv4 but may randomly replace it with an IP behind their CGNAT when the lease is expired, giving you a false sense of hope.

IPv4 address depletion isn't really the ISP's fault. It's a shitty solution to a shitty situation, to be sure, but it's either that or employing rationing strategies to stretch the remaining supply of IPv4 addresses.

Or just use IPv6...

Many ISPs in Denmark actually charge you 30-40 DKK (4-7 USD) extra for the 'luxury' of IPv6, which is the same that they charge for publicly routable IPv4 (of course). I found that quite infuriating, so I searched around and found one that had public IPv4 and IPv6 included in the price. A little more expensive all in all, but I just hated the concept of IPv6 being an "extra" in 2023.

Holy fuck, IPv6 is specifically designed to be non scarce and they have the gall to charge extra for it. Gross

Exactly! I wrote the same thing to them when that became clear.

i repeatedly petitioned our landlord (once a year) to allow an alternative isp to hook up to the building, and he eventually was so pissed from my requests that he threatened to press charges against me personally if the electrical box were ever opened

Ouch. You know some landlords get kickbacks for exclusivity? It's pretty corrupt where I live.

My internet is included in rent. Which is convenient for day-to-day use but gives me less capacity for customization. Like, I admit it, the system works really well for normal people, I'm just a weirdo who likes tinkering with technology, hosting websites, and whatnot

"My food is included in rent. Which is convenient for day-to-day eating but gives me less capacity for cooking my own meals. Like, I admit it, the system works really well for normal people, I’m just a weirdo who likes tinkering with recipes, hosting dinner parties, and whatnot"

There, I highlighted the absurdity even more for you. You're not a weirdo, you're a tech-chef.

lmao I like this.

Honestly I feel like people should have a better understanding of how their technology works. Like if we just all lived in a post-scarcity society where all code was available on github and any time a program stops working for you you can just go in, fork the repo, make the change that fixes your problem. Blammo, your problem is solved as soon as you can write the code, and if anyone else has the problem they can use your change.

One can dream

Well, people have been forking recipes forever. I'm sure we will get closer to that reality eventually

using more salt, or leaving out ingredients that one's allergic to isn't as hard as learning c++, understanding the codebase, knowing the external packages used, knowing your specific problem, knowing where to fix it, knowing how to fix it.


I bought my own cable modem and router for less than what my ISP would charge to rent them to me. They control nothing on my end.

Same, never use their equipment if possible, cheaper and you are in control.


Apologies if you've answered this elsewhere but I'm assuming there's a reason you haven't bought your own router?

It gets worse - because ISPs are choosing NATs over IPv6,

Yes, because they're mostly pieces of shit, technically inept and unable to properly deploy IPv6 at a large scale.

Either way IPv6 doesn't fix everything as you'll still need a real IPv4 to access a large part of the internet or some translation (MAP-T/MAP-E). Even if your ISP provided dual stack with a real public IPv6 + CGNAT / MAP-T IPv4 it would still be annoying as you wouldn't be able to do port forwarding on the IPv4 and won't be able to access your self-hosted services from a LOT of networks that are IPv4 only.

There are two versions of MAP – translated (MAP-T) and encapsulated (MAP-E). In MAP-E IPv4 traffic is encapsulated into IPv6 using a v6 header before it is sent over the v6 network. At the network operator’s boundary router, the IPv6 header is then stripped, and the IPv4 traffic is forwarded to the v4 Internet. In MAP-T, the IPv4 packet header is mapped to the IPv6 header and back. The difference between the two options is evident in their names. MAP-E uses IPv6 to encapsulate and de-encapsulate IPv4 traffic, whereas MAP-T uses NAT64 to translate IPv4 to IPv6 and back.

And this is why I'm unlikely to change isp. I have a /29 ipv4 block and /48 ipv6 block. No extra charge. Grandfathered features from over a decade ago.

HOLY SHIT YOU HAVE A /29 IPV4 BLOCK???

That's like having a change jar with copper pennies or something, nice

Yep. The ISP doesn't offer it any more. They stopped, I think when RIPE officially "ran out" of new net blocks. But I've moved address twice so far and have kept the allocation. Well, on the last move they messed up and gave me a new single IP. I complained, and they asked why it matters so much to have my old IP. I pointed out I had a netblock, and they fixed it up pretty quickly.

Pretty soon, full fibre will be in my area and available on the same ISP. So, hoping for a smooth transition to keep it for a bit longer.

Yep, the US reserved most of the ipv4 for them so they have no need for CGNAT, I had to change my ISP to host a terraria server for my friends because of it, but if you don't live in a big city you have no options.

I read that you can say to your ISP that you need port forwarding to use a remote camera system and they will make an exception for you, but I just switched since I even got a better speed deal.

I had a fun little issue a while back where my isp replaced our fiber modem to one that didn't allow for port forwarding. The settings were missing but when I set up dmz host on that to allow our equipment to work again, I noticed it was behind some nat in their system. I found out I could call them to get functionality restored for a fee, but instead I plugged in the old box and still keep an external ip with port forwarding enabled and no nat. To be honest the old one has been a lot less stubborn as it doesn't drop every 10th packet on the network. I switched back about 6 months ago, and I've not had any issues, so we'll see when they call demanding me to plug in the new one. Their explanation for switching systems was that their old one wasn't powerful enough for gigabit speeds, even though both have interfaces for gigabit sfp. After some testing, the old one was more capable and stable at those speeds. I assume they wanted to switch systems due to some licensing thing, or to get more money from the .5% of people who care about these features.

I'd advise looking into IPv6 tunnels and trying to get that working. Abandon IPv4 when your ISP refuses to do IPv6.

You can't get your own router?

You can. But it then has to route through their modem+router single piece unit.

E.g. I have my own router which handles everything I need. But I switched ISPs recently to save 70$ per month, and the new company router has parts of its functionality, like turning off the wifi, built into their smartphone app and disabled in the admin panel.

Also the username and password for the unit is, by default, admin/admin. In 2023.

Don't know your exact situation, but you should be able to bring your own modem (or modem/router combo) or put their provided unit into bridge mode

Bridge mode still means you go through their hardware. I had issues with my ISP modem because even if it was in bridge mode I was basically ddos-ing it with my usage.

In the end I got an SFP module that mimics being the modem and plugged the ISP fiber right into my opnsense box where the CPU was plenty.

Yes, but if you can't get your own modem it'll at least stop you from having your traffic slowed down by the router side of their hardware

Even in bridge mode you can still be slowed down by the modem if its CPU can't handle your traffic. That's unless the ISP modem offers a complete passthrough. That's what was happening to me even in bridge mode where I was getting my own IP through PPPoE. The modem couldn't be made into full passthrough and was hitting 100% CPU.

Sounds like a (somehow even more) shit isp. I just tapped the "bring my own" when I signed up, and bought myself a modem/router combo at best buy.

In my country we just buy a router and ask the ISP to set the modem/router in bridge mode

If you're trying to self-host http service, you can use cloudflare tunnels.

I've thought about using AWS for hobbyist web applications, but I worry about difficult-to-predict costs

That said, after a cursory glance, HOLY SHIT IT'S FREE

Obviously still not a great solution if DMCA is a concern

Hetzner is affordable and way more transparent than AWS, btw

For free tier, Google Cloud is more transparent about what you get than AWS IMO.

The only catch is to make sure your persistent disk is "standard" to make it totally free as it defaults to SSD.

However if you do mess up the disk you'll still only be paying $1-2/mo. Been using GC for years, and recently they finally started offering dual stack so you can do your own 6to4 tunneling or translation if you want, depends on your usage case.

AirVPN also are legit and will let you forward ports to expose your local services if you're worried about DMCA type issues.

I finally got IPv6 here through Starlink, it's nice to have full access to the internet again after a decade behind CGNAT

Cloudflare tunnels are definitely the way, letting you expose a service to the open internet regardless of what your ISP thinks. I’m not sure how they would handle DMCA complaints but given they are just a DNS provider, I’m not sure they would do much given it’s the server owner’s responsibility for the content. Which in this case is you.

If you're lucky enough to successfully create an account on Oracle Cloud, you can also try Oracle Cloud Free Tier. You can have free ARM64 x4 CPU and 24 GiB RAM totally free of charge. There might be problems with availability during VM registration, but there are scripts that automate spamming for checking every 80 seconds.

I've been using it for 2 years and it's great. However be aware that your VM might get erased if you have a free account. That too can be remedied if you update to a premium subscription (You still get Free Tier resources without a charge). Nobody has reported an erased VM on a premium plan yet.

Still, I am pretty sure they can erase it if you do illegal stuff with it. I've been using it only to host Minecraft Server, as well as other services using Docker. So far so good.

wait, all I got from this is Oracle gives out free 24GiB 4core VPSs? Free cake and I can eat it too? Please fill me in on more details, or links

https://www.oracle.com/cloud/free/

There are tutorials on youtube on how to create a VM and set up a firewall for external access.

Where's the catch? Seems too good to be true? On that power I can host everything I ever wanted and more

https://docs.oracle.com/en-us/iaas/Content/FreeTier/freetier_topic-Always_Free_Resources.htm

Reclamation of vms as others have mentioned and the service limitations as to what qualifies for the free tier are really the only catch, but not a problem if you're willing to give them your credit card info for a paygo acct. More details are in this link to the docs. It's honestly a really good deal and I find it way more transparent and easier to use than AWS.

I give them an empty online card, and install some random bloatware so it uses cpu and ram. Now I have a server for free forever? How do they profit from this, it's hard to believe that it's truly free?

In my country, the ISP rents you a modem and router. I told them I had my own modem and router during setup and my monthly cost is slightly less than their advertised price.

I am fortunate that my ISP gives me a routable address, but it is still only dynamic and may change a couple times a year. I would have to pay for a commercial plan if I want a static IP. Some other local ISPs use carrier grade NAT, but you can still request a publicly routable static IP with a business plan. Maybe you can ask your ISP for that?

Might not be ideal but perhaps simpler, do you have the ability to upgrade your service to business class? Usually the business tiers allow such things and they will support self hosting and open up the ports for you if you ask. It will likely cost more for the same speed you currently have. Another option to consider

Just a bit of a warning if you do this. Business class service usually requires full year contracts, and breaking the contract can mean THOUSANDS of dollars in termination fees depending on the timing.

Cheapest vps plus "sshuttle" may work, host everything on your home server but have dedicated ip of your vps

First time hearing about sshuttle, thanks! What I did some time ago is to order small VPS in Linode, hosted wireguard server and let my router connect to it. Since connection is established - I've port-forwarded all ports (except 22) from VPS to my router via established wireguard connection.

Then all I have to do is to manage port forwarding on my router, but if I want to connect to my router from outside - I must use VPS IP.

Worked great, except the fact that I used to have mobile internet and as a rule of thumb - upload speed of mobile internet suck ass...

Standard IPv4 NAT or CGNAT?

Are you using their modem AND router? Or just their modem? If it's a modem router combo, can you place it in bridge/passthrough mode?

Even if it's CGNAT and no bridge mode, there are solutions available.

Are you looking to host private services like NextCloud? Or public services like a website?

Far as I can tell there's no bridge mode, and there's only one device in the space that connects me to the internet. Pretty sure it's a CGNAT, and I wanna host a website

why not bridge the router and use your own?

the router doesn't have one?

which ISP is it?

No matter how much you think you know, there's always something everyone knows that you've never heard of...

That said, if bridge mode is something that you can enable in the config (going to 192.168.0.1 in web browser and all that) then it's not possible.

It's through China Mobile

I'm honestly amazed the internet isn't locked down even more for you then. I was under the impression that the Golden firewall would be complemented with strict local network rules

Sometimes it’s configurable through the web interface, sometimes it requires a call to the ISP if you’re using their locked-down modem.

I’m not familiar with IT norms in China though.

sounds like his router is locked down, and even then, if the ISP puts him behind NAT, there isn't much he can do on his side even if he could theoretically forward those ports.

yes, CGNAT is very common in many countries due to IPv4 shortage, bypassing the ISP Router and using your own along with a self hosted VPN Server (for China, Hong Kong or Tokyo works great) is the best choice.

IPv6 is nice to use too if they don't also NAT it (which looks rare?)

Are you trying to offer a port for peer sharing (XDCC/BT)? I've never tried using it like this but I think Tailscale Funnel could work.

It's a sort of reverse VPN, I guess you could call it. Tailscale maintains the public IP and when someone connects to your advertised port they tunnel it to you through (encrypted) WireGuard. It passes through NAT because connections are outgoing to their servers.

The catch is that wireguard is easily detectable through deep packet inspection so if your ISP is a real asshole they can kill the connections, but if they go that far then NAT traversal is the least of your worries.

On the flip side, direct open ports to your home network isn't really a great idea anyway.

At one time it wasn't as bad, but today I'd be hesitant because of the number and capability of bad actors and I'm not a network security expert (though I have a lot of training in networks, just shy of that kind of expertise).

In a way, these restrictions have promoted the use of even more secure approaches, like using Cloudflare tunnels, VPS's with VPN connections to your network, or things like Wireguard/Tailscale, which provide a virtual (encrypted) network layered on top of the public (untrusted) network.

All of these can provide an externally controlled (secured and encrypted) access to specific resources within your own network. As mentioned, VPS with VPN, Cloudflare tunnels, or Tailscale Funnel or Share.

It's really shitty. My isp offers a static ip plan but it costs a lot more, so I try using tailscale and it works ok. It's a shame though

I don’t know what you mean by ISPs in the US don’t have NATs. They most certainly do NAT at the gateway device. But they also typically provide a way to DMZ to your own router instead. I don’t have to deal with double NAT simply because I effectively have my ISP gateway in bridge mode (forwarding all traffic to a specific device, in this case, my personal router).

Note: I have gigabit FTTH from AT&T. I left cable internet the moment fiber service was made available.

There are plenty of solutions out there like Tailscale, Cloudflared tunnel, Nebula, ZeroTier, etc. Yes, ISPs still prefer IPv4 and impose CGNAT, but it is mostly because IPv6 isn't as ubiquitous as IPv4 and the world long went out of public IPv4 addresses.

Plus where I live I can do with my IPv6 whatever I please.

Did you contact your ISP about this? Most of them can adjust a setting for you to remove the NAT part, the feature is usually called dual-stack. If you are in the EU, you even have a fundamental right to use your own router, you just have to register your MAC with them.

Here in Germany I get a "real" (non-shared) IPv4 address and a /48 IPv6 subnet I think. With Telekom at least. Vodafone is another story. I think the user must be able to use their own router because of some EU law.

Is your service fiber? Is your router a combined ONT and router? If it's not and you have an ONT serving ethernet to the router, you can just plug your own router in.

You said it's through china mobile so is it a cell modem/router?

Just checked, it looks like it's fiber. Definitely has something plugged into the wall anyway - I'm kinda afraid of unplugging it and ruining my internet access.

Idk how it works in china, is the wire coming from the wall a thin sorta stiff wire? or is it a thicker wire(5-10mm across) that is bendy?

If the latter, you can just plug that ethernet cable into your own router.

If it's a fiber cable then I don't know if you can have your own ONT.

Lolol bro is screaming and riling the troops over his insane ISP using NAT lol

It doesn't materially affect anything. I can even still host websites using things like serveo.net or localhost.run. It just violates something in my sense of efficiency to have a server out there that I'm using literally for the only purpose of proxying connections back to me because my ISP blocks all incoming connections

It would be better to have a cheap vps for the same purpose

It's like the same cloudflare, but with more control