Hello,
I have a Nextcloud server installed at home that works well on my LAN network, but when I try to make the server accessible via a DynDNS service, I cannot connect to it. The request doesn’t even reach my server. My question is whether the router immediately blocks the request, because when I set the router to be accessible (it has separately that option), I can connect without any issues over dyndns url. Could my ISP (O2) be blocking it? I can confirm that it’s not a firewall issue, and it’s also not because I’m connected to the same WiFi as the server. It’s not a port forwarding issue either, as I’ve gone through all possible options. My router is a Fritzbox 6660, and there are no logs indicating that a request has even come through.
My second question is whether this is even allowed in Germany? Also, I’ve noticed that my ISP rarely changes my IP address; in fact, I haven’t seen it change at all in the past few months, which is strange because in my home country, it changed every 24 hours.
Edit: First, thank you all for your help. I will try your suggestions over the course of this week or month (due to time-related issues :) and will report back with the results. Since I am clearly a noob when it comes to self-hosting and I plan to have only a Nextcloud server for personal use, what is the best way to secure the system in these situations and allow only certain devices to access it over the external network? (if I ever manage to access it at all)
Some German cable providers do internal NATting please check that yours does not.
Does your router indicate that you have DS-Light? I think O2 provides each customer DS-Light until they ask for a real IPv4.
To your second question: In case of DS-Light you don’t need a new IPv4 IP every 24h because your IP is not public facing.
PS: I don’t be sure, but the Fritz Remote Apps use IPv6 to ensure that they also work with DS-Light.
Most likely you are under CGNAT, so your best bet is Tailscale, Wireguard, CloudFlare Tunnel or Zero Tier. Pick your poison.
Wireguard will only work if the cellular or ISP at, say the workplace, have an IPv6 adress or IPv4-to-6 translation
This so much of a lie.
Only the usual suspects (new fiber ISPs, Vodafone/KabelBW and O₂) do and usually on the coax and fiber contracts.
even allowed in Germany?
Yes.
works well on my LAN network, but when I try to make the server accessible via a DynDNS service
I guess your Fritzbox does NAT for your LAN. Then the dyndns address works only when the client is outside.
Having been in this same position I think I can help, you are almost definitely being cgnat which means that you do not have your own ipv4. The two workarounds I used for this are to use only ipv6 which is public but means you can’t always access it from older networks. And the second solution is to wireguard tunnel to a free oracle VM and use it as a proxy.