this post was submitted on 11 Nov 2023
103 points (92.6% liked)

Selfhosted

40173 readers
625 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I'm connected via a 4G modem. Got this setup about 3 years ago. In the beginning it was enough to look for the public IP (what's my IP). The modem showed some sort of private ip in the ui. I'm running stuff at home (Homeassistant, Gitea,) and bought a domain and pointed it to my home IP via Cloudflare. After some time I've noticed my modem shows the public IP also internally. For about 2 years now it ran flawlessly, the IP changed from time to time, but not really more than once in several weeks. For about a week all stopped working and the modem shows IP 100.xxxx and outside 85.something I guess I'm behind NAT now. Normal port forwarding on the modem is useless now. Is it possible to open the ports via UPNP? I've tried via miniupnp from my Ubuntu server, but it just throws an error.

upnpc -a ifconfig enp1s0| grep "inet addr" | cut -d : -f 2 | cut -d " " -f 1 22 22 TCP

Can I use this to somehow open the ports via UPNP on my modem and bypass the blocking? I can't even OpenVPN to my modem anymore.

EDIT: i also run AdguardHome, that I use as Private DNS on my Android phone

UPDATE: everything except Adguard Home used as Private DND on my Android works! I've used this: https://github.com/mochman/Bypass_CGNAT/wiki/Oracle-Cloud-(Automatic-Installer-Script) - free Oracle VPS + automated well described script. Even HTTPS works fine!

you are viewing a single comment's thread
view the rest of the comments
[–] nucleative@lemmy.world 7 points 1 year ago (1 children)

This. I had the same situation being put behind CGnat and told them my security webcam needs port forwarding from outside and they had me back to a public IP within minutes.

[–] nik282000@lemmy.ca 1 points 1 year ago (2 children)

ISPs in Canada usually include a clause in their TOS that explicitly prohibits selfhosting. Don't move here, it sucks.

[–] nucleative@lemmy.world 5 points 1 year ago (1 children)

🫤 that does suck. Probably so they can charge more for a hosted package?

[–] nik282000@lemmy.ca 2 points 1 year ago (1 children)

It's to push users into getting commercial accounts.

[–] tal@lemmy.today 5 points 1 year ago* (last edited 1 year ago) (1 children)

I dunno. The IPv4 address space is getting pretty tight, and aside from rejiggering existing inefficient allocations, there's not a lot you can do beyond NAT.

In the US, we had it pretty good for a long time, because we had a rather disproportionate chunk of the IPv4 address space -- Ford, MIT, and Apple alone each had their own Class A netblock, about half a percent of the IPv4 address space each, for example.

But things have steadily gotten tighter as more and more of the world uses the Internet more and more.

https://whatismyipaddress.com/ipv6-ready

As expected, the ISPs are no longer receiving new allotments or allocations of public IPv4 addresses from the American Registry for Internet Numbers (ARIN). Some have managed to continue to provide new IPv4 addresses by reallocating some of the addresses they had been assigned in the past but perhaps had never passed on to customers. This buys them a little more time while they scramble to roll out and support IPv6 addresses.

Like, there's real scarcity of the resource. It doesn't require the scarcity to be artificially-induced.

My ISP used to let one get a /29 IPv4 block for residential users, though they stopped that years ago. Always have had a way to get publicly-facing IPv6 addresses, though.

End of the day, the real fix is to get the world on IPv6.

[–] nik282000@lemmy.ca 1 points 1 year ago

IPv6.

Not even offered in my area 🤡

[–] olafurp@lemmy.world 1 points 1 year ago (1 children)

I don't know Canada laws but does it only apply if you make money off it (or intend to). Self hosting Jellyfin server is basically just delayed uploading.

[–] nik282000@lemmy.ca 1 points 1 year ago (1 children)

Afaik it's at the ISP's digression. Up until I switched, Bell would block ports 21, 22, 53, 80 and 443.

[–] olafurp@lemmy.world 2 points 1 year ago (1 children)

That's pretty nice compromise. 80 and 443 are the ones mainly used commercially

[–] nik282000@lemmy.ca 1 points 1 year ago (1 children)

It's kinda shitty of them to block the ports that makes up +30 years of what the internet IS. Bell/Rogers want your internet connection to be unidirectional, when you host your own content you don't consume theirs.

[–] olafurp@lemmy.world 1 points 1 year ago

Yeah, not arguing that, it doesn't cost them extra to allow those. Still, you can use 8080, 8989, 5000, 7878 etc, for plex, Jellyfin, nextcloud and so on.

You can even workaround it by using cloudflare functions that forward requests to your specific port, DNS it to cloudflare and run a commercial webapp out of your garage anyway.*

*Except if you want to honor whatever ToS they had you agree to.