I’m connected via a 4G modem. Got this setup about 3 years ago. In the beginning it was enough to look for the public IP (what’s my IP). The modem showed some sort of private ip in the ui. I’m running stuff at home (Homeassistant, Gitea,) and bought a domain and pointed it to my home IP via Cloudflare. After some time I’ve noticed my modem shows the public IP also internally. For about 2 years now it ran flawlessly, the IP changed from time to time, but not really more than once in several weeks. For about a week all stopped working and the modem shows IP 100.xxxx and outside 85.something I guess I’m behind NAT now. Normal port forwarding on the modem is useless now. Is it possible to open the ports via UPNP? I’ve tried via miniupnp from my Ubuntu server, but it just throws an error.

upnpc -a ifconfig enp1s0| grep "inet addr" | cut -d : -f 2 | cut -d " " -f 1 22 22 TCP

Can I use this to somehow open the ports via UPNP on my modem and bypass the blocking? I can’t even OpenVPN to my modem anymore.

EDIT: i also run AdguardHome, that I use as Private DNS on my Android phone

UPDATE: everything except Adguard Home used as Private DND on my Android works! I’ve used this: https://github.com/mochman/Bypass_CGNAT/wiki/Oracle-Cloud-(Automatic-Installer-Script) - free Oracle VPS + automated well described script. Even HTTPS works fine!

  • rufus@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    24
    ·
    1 year ago

    Have you reached out to your ISP to see if they can give you a dynamic public IP? I recently swapped to a new ISP that was using CGNAT but after contacting their support team with my use case, they were happy to set me up with a public IP so I could continue my self-hosting.

    • nucleative@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 year ago

      This. I had the same situation being put behind CGnat and told them my security webcam needs port forwarding from outside and they had me back to a public IP within minutes.

      • Nik282000
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        ISPs in Canada usually include a clause in their TOS that explicitly prohibits selfhosting. Don’t move here, it sucks.

          • Nik282000
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            It’s to push users into getting commercial accounts.

            • tal@lemmy.today
              link
              fedilink
              English
              arrow-up
              5
              ·
              edit-2
              1 year ago

              I dunno. The IPv4 address space is getting pretty tight, and aside from rejiggering existing inefficient allocations, there’s not a lot you can do beyond NAT.

              In the US, we had it pretty good for a long time, because we had a rather disproportionate chunk of the IPv4 address space – Ford, MIT, and Apple alone each had their own Class A netblock, about half a percent of the IPv4 address space each, for example.

              But things have steadily gotten tighter as more and more of the world uses the Internet more and more.

              https://whatismyipaddress.com/ipv6-ready

              As expected, the ISPs are no longer receiving new allotments or allocations of public IPv4 addresses from the American Registry for Internet Numbers (ARIN). Some have managed to continue to provide new IPv4 addresses by reallocating some of the addresses they had been assigned in the past but perhaps had never passed on to customers. This buys them a little more time while they scramble to roll out and support IPv6 addresses.

              Like, there’s real scarcity of the resource. It doesn’t require the scarcity to be artificially-induced.

              My ISP used to let one get a /29 IPv4 block for residential users, though they stopped that years ago. Always have had a way to get publicly-facing IPv6 addresses, though.

              End of the day, the real fix is to get the world on IPv6.

        • Caveman@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I don’t know Canada laws but does it only apply if you make money off it (or intend to). Self hosting Jellyfin server is basically just delayed uploading.

          • Nik282000
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Afaik it’s at the ISP’s digression. Up until I switched, Bell would block ports 21, 22, 53, 80 and 443.

              • Nik282000
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                It’s kinda shitty of them to block the ports that makes up +30 years of what the internet IS. Bell/Rogers want your internet connection to be unidirectional, when you host your own content you don’t consume theirs.

                • Caveman@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 year ago

                  Yeah, not arguing that, it doesn’t cost them extra to allow those. Still, you can use 8080, 8989, 5000, 7878 etc, for plex, Jellyfin, nextcloud and so on.

                  You can even workaround it by using cloudflare functions that forward requests to your specific port, DNS it to cloudflare and run a commercial webapp out of your garage anyway.*

                  *Except if you want to honor whatever ToS they had you agree to.