So I was looking into getting port forwarding set up and I realized just how closed-off the internet has gotten since the early days. It’s concerning. It used to be you would buy your own router and connect it to the internet, and that router would control port-forwarding and what-have-you.
Now, your ISP provides your router, which runs their firmware, which (in my case) doesn’t even have the option to enable port forwarding.
It gets worse - because ISPs are choosing NATs over IPv6, so even if you install a custom firmware on your router without it getting blacklisted by your ISP, you still can’t expose your server to the internet because the NAT refuses to forward traffic your way. They even devise special NAT schemes like symmetric NAT to thwart hole punching.
Basically this all means that I have to purchase my web hosting separately. Or relay all the traffic through an unnecessary third party, introducing a point of failure.
It’s frustrating.
I like to control my stuff. I don’t like to depend on other people or be in a position where I have to trust someone not to fuck with my shit. Like, if the only thing outside my apartment that mattered to my website was a DNS record, I’d be really happy with that.
Edit: TIL ISPs in the US don’t have NATs
Edit 2: OMG so much advice. My knowledge about computers is SO clearly outdated, I have a lot of things to read up on.
Edit 3: There’s definitely a CGNAT involved since the WAN ip in the router config is not the same as the one I get when I use a website that echos my IP address. Far as I can tell my devices don’t get unique IPv6 addresses either. (funnily enough, if I check my IP address on my phone using roaming data, there’s no IPv6 address at all). It’s a router/modem combo, at least I think since there’s only one device in my apartment (maybe there’s a modem managing the whole complex or something?). And it doesn’t have a bridge mode, except for OTT. Might try plugging my own router into it, but it feels like a waste of time and money from what I’m seeing. Probably best to just host services over a VPN or smth.
Edit 4: Devices do get unique IPv6 addresses, but it’s moot since I can’t do anything but ping them. I guess it wouldn’t be port forwarding but something else that I would have to do that my router doesn’t support
In the US and I use my own personal modem and router. Renting their equipment is optional.
Same here. I get $10 off for using my own router. That’s $120 off per year. A cheap router bought from a supermarket cost me $60. It works fine, the signal quality is only okay but my flat’s pretty small anyway. Getting your own router is just a financially sensible option.
Not really with ATT fiber anymore. The fiber goes straight into their router to authenticate. There is no option for me to purchase an equivalent piece of equipment. I am forced to pay to use their equipment. Fuck ATT.
You can totally bypass ATT Fiber now with your own SFP+ xgs-pon, fiber terminated to your device, without needing to exfil certs or do anything other than clone the identifying info of the att router’s label depending on the technology they’re using in your area.
Love that random google docs link instead of something like a tech blog.
Only a pastebin link could make it better.
So I did something before and had to set it back up every week or so. Would this be a permanent solution? If so ima fuck around heavy with this today lol
Can you recommend a good router that isn’t extremely expensive?
I did some research about a year ago and started using a router recommended by both random users and reviewers (TP-Link Archer AX-3000 I think) only to quickly find out it had a bad QoS implementation which broke applications sending IP packets with certain DSCP values (SSH by default, Mumble, VoWiFi on an iPhone, WhatsApp calls) so I switched back to an ISP provided router unfortunately. When I talked to TP-Link support they sent me firmware which would have allowed them to connect to my router using telent (absolutely insane IMO, especially since other users also complained about this issue).
Further research showed that many consumer-level routers have these kinds of issues, so I’m reluctant to try this again.
Yes CGNAT is used quite a lot, but consider 95% of customers don’t care what their public address is and that “saves” the carrier address space.
We are the 5% that do care and if you call your ISP they likely have an option to exclude you from cgn and get an actual public IP.
I am into tech/programming/devops, I make my own servers, but I would still prefer to be under CGNAT as I feel more safe. I wouldn’t open any port or tunnel to my local home network, I wouldn’t feel that safe. So for me, a CGNAT is perfect.
Yup. I’ll open a port in a cheap VPS and tunnel my traffic over that rather than directly open ports on my router. If people here can trust Cloudflare they can use their tunnels too
Yeah, I would do that before exposing my router to public and opening ports, but for the tunnel I would use something like WireGuard into a virtual network at my home just to improve security. I’m not a fan of Cloudflare.
This is a friendly reminder that NAT is not a firewall and should not be treated as such.
Thank you.
Why are you saying that? I know it’s not a firewall, I’m just saying it doesn’t expose your router directly to internet, most of the routers also have firewall, and you can DMZ or port forward that you normally turn them on once you expose your router to public so bots or people can make direct requests to your router.
And there is nothing wrong with that. Both systems work for different people. I am on the I like a public address on my place camp, but I have worked where we did cgn for an apartment building and out of the 150 residences none asked for a public address. Saving us a /25 which we could sell to business customers for $5/m per /29
I have ports open (to receive backups from my other servers) but only to connections from specific ip addresses and only port 22 using a pub key (no password) I’d be hesitant to open port 80 to the public though.
Then again I’ve run a small public web server for well over a decade and never had any issues with hackers.
I’ve run a small public web server for well over a decade and never had any issues with hackers.
It’s never late to get hacked or an attack or a problem with your ISP router firmware. I don’t think that’s an excuse.
receive backups from my other servers
You can simply do cronjob and scp user@server:/path/to/backup . to get things from server to your local network, I don’t see the need to expose your router to the public. For a web server, there are cheap VPS providers for less than 5 dollars a month, and you save up energy, hardware, and improve safety at home.
What ISP do you have and what country are you in? I have Comcast in the US and do not have this issue even though they are a big and shitty ISP (I even use their modem, but I do have my own router which I HIGHLY suggest).
The older and shittier the ISP the more blocks of IPV4 addresses they have. They have blocks from when they were given out willy nilly.
New ISPs, the ones that compete and bring the prices down have to buy addresses and that costs money and is a cost bigger and older ISPs do not have.
This is a case for regulation - either mandating a move to V6 or mandating the release of stockpiled v4 addresses. ISPs will not do that on their own, the addresses can currently be sold for lots of money.
The US and other western countries don’t really feel the pressure of IPv4 scarcity yet. ISPs in other countries typically uses CGNAT or IPv6. Some even give you a routable IPv4 but may randomly replaced it with an ip behind their CGNAT when the lease is expired, giving you false sense of hope.
IPv4 address depletion isn’t really the ISP’s fault. It’s a shitty solution to a shitty situation, to be sure, but it’s either that or employing rationing strategies to stretch the remaining supply of IPv4 addresses.
i repeatedly petitioned our landlord (once a year) to allow an alternative isp to hook up to the building, and he eventually was so pissed from my requests that he threatened to press charges against me personally if the electrical box were ever opened
My internet is included in rent. Which is convenient for day-to-day use but gives me less capacity for customization. Like, I admit it, the system works really well for normal people, I’m just a weirdo who likes tinkering with technology, hosting websites, and whatnot
“My food is included in rent. Which is convenient for day-to-day eating but gives me less capacity for cooking my own meals. Like, I admit it, the system works really well for normal people, I’m just a weirdo who likes tinkering with recipes, hosting dinner parties, and whatnot”
There, I highlighted the absurdity even more for you. You’re not a wierdo, you’re a tech-chef.
lmao I like this.
Honestly I feel like people should have a better understanding of how their technology works. Like if we just all lived in a post-scarcity society where all code was available on github and any time a program stops working for you you can just go in, fork the repo, make the change that fixes your problem. Blammo, your problem is solved as soon as you can write the code, and if anyone else has the problem they can use your change.
One can dream
I bought my own cable modem and router for less than what my ISP would charge to rent them to me. They control nothing on my end.
