Ports & NAT VPS

Is it possible to reach a service running on ports 80 & 443 on a NAT VPS?

It is not a web server, not HTTP/S traffic, and can only use IPv4

I've heard that you can use a reverse proxy but I'm new to NAT VPSs

I've searched the forums but didn't find the answer.

Any help is greatly appreciated.

Comments

  • @kalepond said:
    Is it possible to reach a service running on ports 80 & 443 on a NAT VPS?

    It is not a web server, not HTTP/S traffic, and can only use IPv4

    I've heard that you can use a reverse proxy but I'm new to NAT VPSs

    I've searched the forums but didn't find the answer.

    Any help is greatly appreciated.

    You won't be assigned ports 80 and 443 on a NAT VPS. You can listen on those ports but that is on an internal IP. You need to forward the traffic to the internal IP listening on ports 80 and 443.

    Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Get expert copyediting and copywriting help at The Write Flow

  • HAProxy can if available, forward 80/443 by domain.
    But you won't get full access on these ports on a NAT VPS.

  • Thanks for your answers.

    I will order one and test for my self.

    What's the best ongoing deals? (EU, USA, AU)

    @Neoon said:
    HAProxy can if available, forward 80/443 by domain.
    But you won't get full access on these ports on a NAT VPS.

    I don't qualify for NanoKVM but do you have HAProxy available?

  • edited December 2019

    @kalepond said:
    Thanks for your answers.

    I will order one and test for my self.

    What's the best ongoing deals? (EU, USA, AU)

    No, please don't do it, you look like you need a dedicated ipv4 for non http traffic, no matter that the ports are http ports.

    Only way on a nat vps would be to use the usually dozen directly mapped ports, instead of 80,443, but that would be to listen on, like 12345 and 12346, for example.

  • NanoKVM and MrVM has HAproxy, IIRC. But if you need some other service than http/https on those ports, it won't nescessarily work. The other option could be to use cloudflare or something to resolve ipv4 and proxy that to ipv6. (I haven't tested this myself. All my services on NAT VPSes can use my allocated custom ports.)

  • Hm if you only need http/https traffic no problem whatsoever you can also use cloudflare then. But non http/https won't happen.
    You can find a tutorial for that on the old forum.
    https://forum.lowendspirit.com/viewtopic.php?id=441

    I wonder if the forum will be like gone 'gone' or just archived/read-only since there are some useful threads still @AnthonySmith

    Thanked by (1)Massimo
  • So if I understand correctly, HAproxy and CloudFlare can only forward HTTP/S by domain

    For example if I'm behind a firewall that allows traffic on IPv4 ports 80/443 only I won't be able to SSH to my NAT VPS using those tools right?

  • NeoonNeoon OG
    edited December 2019

    @kalepond said:
    So if I understand correctly, HAproxy and CloudFlare can only forward HTTP/S by domain

    For example if I'm behind a firewall that allows traffic on IPv4 ports 80/443 only I won't be able to SSH to my NAT VPS using those tools right?

    What?
    You get a dedicated port for SSH.

    Cloudflare does the translation between IPv4 and IPv6, means you forward IPv4 traffic over CF to IPv6 on your VPS.
    HaProxy does forward locally v4 traffic on 80/443 to your VM by domain, nothing else except http traffic can be used there.

    2 different things.
    Also Cloudflare does not accept any other traffic like haproxy e.g http.

  • @Neoon said:

    @kalepond said:
    So if I understand correctly, HAproxy and CloudFlare can only forward HTTP/S by domain

    For example if I'm behind a firewall that allows traffic on IPv4 ports 80/443 only I won't be able to SSH to my NAT VPS using those tools right?

    What?
    You get a dedicated port for SSH.

    Cloudflare does the translation between IPv4 and IPv6, means you forward IPv4 traffic over CF to IPv6 on your VPS.
    HaProxy does forward locally v4 traffic on 80/443 to your VM by domain, nothing else except http traffic can be used there.

    2 different things.
    Also Cloudflare does not accept any other traffic like haproxy e.g http.

    Got it, so wouldn't work for my setup

    I remember reading a thread on LET about tunnelling a VPN over CF, completely different story but can't find it right now.

  • NeoonNeoon OG
    edited December 2019

    In theory, HAProxy could forward any TCP/UDP traffic, but people reported issues with it.
    So for http inspects the traffic and if its not looking like http or https, it just drops it.

    I mean you get a few ports UDP/TCP you can use for any application.
    Using a random port for a web application brings up issues, such as firewalls blocking it etc.

    Thanked by (1)vimalware
  • milkboymilkboy OG
    edited December 2019

    @kalepond what do you intent to use it for exactly?
    Cant you use other ports?

    NAT VPS are dirt cheap. its worth to get one and learn about it.

  • @milkboy said:
    @kalepond what do you intent to use it for exactly?
    Cant you use other ports?

    NAT VPS are dirt cheap. its worth to get one and learn about it.

    True, I will get one and learn about it.

    I wantd to try v2ray + CF to see if it can be useful somehow, lot of people claimed greater network speeds.

  • @kalepond said:

    @milkboy said:
    @kalepond what do you intent to use it for exactly?
    Cant you use other ports?

    NAT VPS are dirt cheap. its worth to get one and learn about it.

    True, I will get one and learn about it.

    I wantd to try v2ray + CF to see if it can be useful somehow, lot of people claimed greater network speeds.

    If using Cloudflare, why not Warp+?

  • DanielDaniel OG
    edited December 2019

    @kalepond said: and can only use IPv4

    Is this because your ISP doesn't offer IPv6? Write to them and complain (because all good ISPs should have native IPv6 now), then set up a TunnelBroker tunnel. https://tunnelbroker.net/

  • Sounds like the OP is from China.
    IPv6 deployment in China is mediocre. Carriers rather use CGNAT than IPv6.

    The all seeing eye sees everything...

  • @mikewazar said:

    @kalepond said:

    @milkboy said:
    @kalepond what do you intent to use it for exactly?
    Cant you use other ports?

    NAT VPS are dirt cheap. its worth to get one and learn about it.

    True, I will get one and learn about it.

    I wantd to try v2ray + CF to see if it can be useful somehow, lot of people claimed greater network speeds.

    If using Cloudflare, why not Warp+?

    I prefer to go self hosted to:
    Implement ad blocking
    learn something by doing it myself
    potentially bypass blocks / restrictions

  • DanielDaniel OG
    edited December 2019

    @terrorgen said: Sounds like the OP is from China.
    IPv6 deployment in China is mediocre. Carriers rather use CGNAT than IPv6.

    Huh, interesting. It's basically the opposite in the USA - some providers are heavily pushing IPv6 in order to avoid having to implement CGNAT. For example, over 95% of traffic through T-mobile's network uses IPv6. Modern phones on the T-Mobile network only get an IPv6 address. They use 464XLAT to allow connections to legacy IPv4-only services (source: https://pc.nanog.org/static/published/meetings/NANOG73/1645/20180625_Lagerholm_T-Mobile_S_Journey_To_v1.pdf PDF)

  • @Daniel said:

    @terrorgen said: Sounds like the OP is from China.
    IPv6 deployment in China is mediocre. Carriers rather use CGNAT than IPv6.

    Huh, interesting. It's basically the opposite in the USA - some providers are heavily pushing IPv6 in order to avoid having to implement CGNAT. For example, over 95% of traffic through T-mobile's network uses IPv6. Modern phones on the T-Mobile network only get an IPv6 address. They use 464XLAT to allow connections to legacy IPv4-only services (source: https://pc.nanog.org/static/published/meetings/NANOG73/1645/20180625_Lagerholm_T-Mobile_S_Journey_To_v1.pdf PDF)

    Shhh... The GFW doesn't work on ipv6.

    Thanked by (1)Janevski

    The all seeing eye sees everything...

  • edited December 2019

    @kalepond said:

    @milkboy said:
    @kalepond what do you intent to use it for exactly?
    Cant you use other ports?

    NAT VPS are dirt cheap. its worth to get one and learn about it.

    True, I will get one and learn about it.

    I wantd to try v2ray + CF to see if it can be useful somehow, lot of people claimed greater network speeds.

    Cloudflare supports IPv6 so there should be no problem, I've already done that setup on NAT VPS before.

  • @Daniel said:

    @kalepond said: and can only use IPv4

    Is this because your ISP doesn't offer IPv6? Write to them and complain (because all good ISPs should have native IPv6 now), then set up a TunnelBroker tunnel. https://tunnelbroker.net/

    Many of us have little choices in ISP ipv6 implementation, & dont have the number to force them to change.
    Where im from, consumer ISP prefer to use CGNAT than upgrading their network. since its cheaper.
    And their transit network is crap.
    FYI this is the best isp locally, so there is no point changing it.
    Its cheaper and faster to get overseas hosting and vps to work around this issue.

    Pepperooney said: I wantd to try v2ray + CF to see if it can be useful somehow, lot of people claimed greater network speeds.

    Yes, it will have better network speed if your ISP is crappy like mine.

Sign In or Register to comment.