Can I Port Forward with CGNAT?
Greetings! I've become extensively obsessed with port forwarding this week. However, I find myself unable to ascertain a suitable solution that could potentially circumvent the inherent limitation associated with machines connected to Carrier-Grade Network Address Translation (CGNAT). It is my understanding that one could employ a Virtual Private Server (VPS) to facilitate port forwarding or utilize Ngrok. Nevertheless, I am confronted with two specific constraints:
Financial constraint: I am unable to allocate any funds towards bypassing CGNAT.
Comprehensive port forwarding access: I desire unrestricted utilization of port forwarding capabilities, not limited solely to web servers or local hosting.
I kindly request your assistance in providing any potential resolutions to this predicament.
Comments
the only way you'll be able to have an incoming port while on CG-NAT is to use a VPN that allows for forwarding, or setup your own VPN on a VPS and have them forwarded only without outgoing NAT (Oracle Cloud Free-tier more than enough)
No funds, no bypassing. I can think of some ways to solve this but none of them is free.
dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers • Need a free NAT LXC? -> https://microlxc.net/
You can do that as long as you have ssh access to a server that has ports available. What you do is forward your local port so anyone reaching the server will get redirected to your local machine through the port running on the server.
So if you want to forward the port 8080 on your server with IP 123.45.67.89 to your local port 80, you use the command
And as long as the ssh connection is open, the port forwarding works.
It’s OK if you disagree with me. I can’t force you to be right!
IPv4: 32 bits of stress. IPv6: 128 bits of... well, more stress... Have anyone seen my subnet?
You can use cloudflare tunnels potentially. Though not sure how much traffic they'll let you move through it.
Else move to different ISP or use a VPS as you say
By default, ports forwarded via
ssh -R
are on reachable from the server locally.To have them publicly accessible, the SSH daemon must have GatewayPorts option enabled.
vps9
hostname is available. affbrrIf you only need your devices to access the server inside CGNAT. check out "ZeroTier" or "Tailscale"
I normally just use a nginx proxy to redirect a domain to the internal port, so missed that out. Good catch! Thanks!
Yes, you need to set
GatewayPorts yes
in your/etc/ssh/sshd
config file on your remote server.It’s OK if you disagree with me. I can’t force you to be right!
IPv4: 32 bits of stress. IPv6: 128 bits of... well, more stress... Have anyone seen my subnet?
ZeroTier is free and works great for me so far (Plex)
Ympker's VPN LTD Comparison, Uptime.is, Ympker's GitHub.
Do you have a public ipv6 subnet routed to your router? If yes, you could also port forward to the public ipv6 address
I use wireguard for this. Tailscale is probably easier to use.
using tor or i2p as tunnel. i2p tunnel can be set to 1 hop(iirc) for smaller latency. Idk about tor.
You need a Public IPv4 if you want other people to access your services. eventually you will have to pay for a VPN that allows port forwarding or a VPS with a Dedicated IP.
Have any public IPv6 address available?
If not, you can request for your ISP.