Edit: Big thanks to everybody who shared their advice! :) I’m very pleasantly surprised and will definitely explore all the options you guys provided, such as getting an additional router or configuring Tailscale. Again, big thanks to everyone!


Hi all, I’ve recently moved and now my ISP doesn’t allow port forwarding for wired connections (wifi only), and my landlord does not allow changing ISPs. Now my home server is practically useless which makes me very sad.

Is there any easy way to still access device ports without port forwarding, or is buying a wifi card/dongle my safest bet?

  • dan@upvote.au
    2 years ago

    I’m surprised how many people suggest using a Cloudflare tunnel given one of the main points of self-hosting is to avoid using centralized systems.

    You should be able to place the Xfinity modem into bridge mode and use your own router. Alternatively you can buy your own cable modem and return the rented one to Xfinity. Just make sure the modem you buy is DOCSIS 3.1 or 4.0 since there is a lot of legacy equipment still floating around.

    • Gutless2615@ttrpg.network
      2 years ago

      Cloudflare Tunnels also work really well and turnkey for CGNAT restricted networks though. I used to have and love a simple WireGuard setup but one day the ISP can just change their structure and then you need some kind of end run around those. Tailscale works but it’s also not really a pure selfhosted solution either. Eventually you need some kind of offsite relationship afaik whether it’s a VPS or Cloudflare. And Cloudflare Just Works.

      • dan@upvote.au
        2 years ago

        Decent ISPs that use CGNAT should also have IPv6 available, which doesn’t use NAT at all. In the case of CGNAT, I’d really recommend using IPv6 rather than hacking around CGNAT.

        You can self-host Tailscale by using the open-source Headscale project.

        • Chewy@discuss.tchncs.de
          2 years ago

          I’m behind CGNAT with months between IPv6 prefix changes. Having a separate publicly routable IP for each host is awesome.

          Tailscale causes heavy battery drain on my phone (Pixel 4a GrapheneOS) so I’m now on always-on plain WireGuard, which only needs 1% of my battery.

          Sadly my mother doesn’t have IPv6, so accessing e.g. Jellyfin is not possible.

  • pianoplant@lemmy.world
    2 years ago

    Not what you’re asking but since it’s been covered well:

    Buy your own cable modem and put your own firewall behind it. Not only will this save you money in the long run, you’ll also have no issues with things like port forwarding. I use Comcast/Xfinity with a DOCSIS 3.1 cable modem + a decent firewall and it’s a good way to go.

    • ErwinLottemann@feddit.de
      2 years ago
      • are you sure op has a compatible connection?
      • you cannot use a docsis cable modem behind an already ‘running’ connection, you need a cable to connect it to
      • also you need an isp that allows your modem to connect to (in docsis authentication is usually done via the mac address of the modem) (cable is not an ethernet cable in this whole context but a specific type of ‘tv’ cable)

      i’m not sure how you think ‘buying a cable modem’ would solve op’s problems.

  • Decronym@lemmy.decronym.xyz
    2 years ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters    More Letters
    CGNAT            Carrier-Grade NAT
    IP               Internet Protocol
    NAT              Network Address Translation
    Plex             Brand of media server package
    VPN              Virtual Private Network
    VPS              Virtual Private Server (opposed to shared hosting)

    6 acronyms in this thread; the most compressed thread commented on today has 13 acronyms.

    [Thread #313 for this sub, first seen 29th Nov 2023, 22:35]

  • stown@sedd.it
    2 years ago

    If the ISP allows port forwarding for wireless connections (as you said in your post) you just get yourself a WiFi router that can work in bridge mode.

    Then you forward your ports (in the ISP router) to your bridge router and then you log into your bridge router and forward ports to your wired devices.

    This assumes that the WiFi connection on the bridge router acts as WAN and performs NAT for its wired devices. If the bridge router is really just a bridge then you should only have to forward ports on the ISP router.
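
Added example, not part of the comment above: an nftables ruleset for the second hop it describes, assuming the bridge router is a Linux-based device whose WiFi client (WAN) interface is `wlan0` and whose wired side is `eth0`. The interface names, the server address 192.168.2.10 and port 8096 are constructed placeholders; the matching forward on the ISP router must point at this router's WiFi address.

```nftables
# Constructed example: second-hop port forward on the bridge router.
# Assumptions: wlan0 = WiFi uplink to the ISP router, eth0 = wired LAN,
# 192.168.2.10:8096 = the home server and the one service being exposed.

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Rewrite only the single forwarded port arriving on the WiFi side.
        iifname "wlan0" tcp dport 8096 dnat to 192.168.2.10:8096
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # NAT for the wired devices when they go out over WiFi.
        oifname "wlan0" masquerade
    }
}

table inet filter {
    chain forward {
        type filter hook forward priority filter; policy drop;
        # Replies to connections that were already allowed.
        ct state established,related accept
        # Wired devices may start outbound connections.
        iifname "eth0" oifname "wlan0" accept
        # Inbound: only new connections to the forwarded service.
        iifname "wlan0" oifname "eth0" ip daddr 192.168.2.10 tcp dport 8096 ct state new accept
    }
}
```

With the forward chain defaulting to drop, a port forwarded on the ISP router but not listed here never reaches the wired devices.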

  • SethranKada@lemmy.ca
    2 years ago

    Look into Cloudflare Tunnels or Tailscale Funnel. Both let the wider public access a private server without port forwarding. If you want it private only, normal Tailscale does that too. You might have some trouble if you want to use a custom domain though, since it’s private.