Can I Port Forward with CGNAT?

Greetings! I've become extensively obsessed with port forwarding this week. However, I find myself unable to ascertain a suitable solution that could potentially circumvent the inherent limitation associated with machines connected to Carrier-Grade Network Address Translation (CGNAT). It is my understanding that one could employ a Virtual Private Server (VPS) to facilitate port forwarding or utilize Ngrok. Nevertheless, I am confronted with two specific constraints:

Financial constraint: I am unable to allocate any funds towards bypassing CGNAT.

Comprehensive port forwarding access: I desire unrestricted utilization of port forwarding capabilities, not limited solely to web servers or local hosting.

I kindly request your assistance in providing any potential resolutions to this predicament.

Comments

  • the only way you'll be able to have an incoming port while on CG-NAT is to use a VPN that allows for forwarding, or set up your own VPN on a VPS and have them forwarded only without outgoing NAT (Oracle Cloud Free-tier more than enough)

  • @randumbguy said:
    Financial constraint: I am unable to allocate any funds towards bypassing CGNAT.

    No funds, no bypassing. I can think of some ways to solve this but none of them is free.


  • @Brueggus said:

    @randumbguy said:
    Financial constraint: I am unable to allocate any funds towards bypassing CGNAT.

    No funds, no bypassing. I can think of some ways to solve this but none of them is free.

    You can do that as long as you have ssh access to a server that has ports available. What you do is forward your local port so anyone reaching the server will get redirected to your local machine through the port running on the server.

    So if you want to forward the port 8080 on your server with IP 123.45.67.89 to your local port 80, you use the command

    ssh -R 8080:localhost:80 user@123.45.67.89
    

    And as long as the ssh connection is open, the port forwarding works.

  • You can use Cloudflare tunnels potentially. Though not sure how much traffic they'll let you move through it.

    Else move to a different ISP or use a VPS as you say

  • @somik said:
    So if you want to forward the port 8080 on your server with IP 123.45.67.89 to your local port 80, you use the command
    ssh -R 8080:localhost:80 user@123.45.67.89
    And as long as the ssh connection is open, the port forwarding works.

    By default, ports forwarded via ssh -R are only reachable from the server locally.
    To have them publicly accessible, the SSH daemon must have GatewayPorts option enabled.


  • If you only need your devices to access the server inside CGNAT, check out "ZeroTier" or "Tailscale"

  • @yoursunny said:

    @somik said:
    So if you want to forward the port 8080 on your server with IP 123.45.67.89 to your local port 80, you use the command
    ssh -R 8080:localhost:80 user@123.45.67.89
    And as long as the ssh connection is open, the port forwarding works.

    By default, ports forwarded via ssh -R are only reachable from the server locally.
    To have them publicly accessible, the SSH daemon must have GatewayPorts option enabled.

    I normally just use a nginx proxy to redirect a domain to the internal port, so missed that out. Good catch! Thanks!

    Yes, you need to set GatewayPorts yes in your /etc/ssh/sshd_config file on your remote server.
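
Added example (not part of any post in this thread): a small shell check that predicts which interface an `ssh -R` listener ends up on for a given server-side `GatewayPorts` value, which is what decides whether the forwarded port is exposed publicly. The function names and the sample config are constructed for illustration; only the global section of the config and IPv4/hostname bind addresses are handled.

```shell
#!/bin/sh
# gateway_ports FILE: print the global GatewayPorts value from an sshd_config.
# sshd keeps the first value it reads for a keyword; the default is "no".
# Assumption: parsing stops at the first Match block (per-user overrides ignored).
gateway_ports() {
    awk '
        tolower($1) == "match"        { exit }
        tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }
    ' "$1"
}

# bind_scope MODE SPEC: print where the server-side listener binds.
# MODE is no|yes|clientspecified; SPEC is the argument given to ssh -R,
# either port:host:hostport or bind_address:port:host:hostport.
bind_scope() {
    gp=$1 fwd=$2
    case $fwd in
        *:*:*:*) bind=${fwd%%:*}; explicit=1 ;;  # bind_address present (may be empty)
        *)       bind=;           explicit=0 ;;
    esac
    case $gp in
        yes) echo all-interfaces ;;              # server forces the wildcard address
        clientspecified)
            if [ "$explicit" -eq 0 ]; then
                echo loopback                    # client did not ask for anything wider
            else
                case $bind in
                    ''|'*'|0.0.0.0)      echo all-interfaces ;;
                    localhost|127.0.0.1) echo loopback ;;
                    *)                   echo "$bind" ;;
                esac
            fi ;;
        *) echo loopback ;;                      # "no": server forces loopback
    esac
}

# Constructed sample config, not taken from the thread.
sample=$(mktemp)
printf '%s\n' 'Port 22' '#GatewayPorts no' 'GatewayPorts clientspecified' > "$sample"
mode=$(gateway_ports "$sample")
echo "GatewayPorts=$mode"
for spec in 8080:localhost:80 '*:8080:localhost:80' 10.0.0.5:8080:localhost:80; do
    echo "ssh -R $spec -> $(bind_scope "$mode" "$spec")"
done
rm -f "$sample"
```

With `clientspecified`, each forward is exposed only when the client asks for it, whereas `GatewayPorts yes` publishes every remote forward from every account on the server.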

  • ZeroTier is free and works great for me so far (Plex) :)

  • @randumbguy said:
    Financial constraint: I am unable to allocate any funds towards bypassing CGNAT.

    Do you have a public IPv6 subnet routed to your router? If yes, you could also port forward to the public IPv6 address

  • I use wireguard for this. Tailscale is probably easier to use.

  • using tor or i2p as tunnel. i2p tunnel can be set to 1 hop (iirc) for smaller latency. Idk about tor.

  • You need a Public IPv4 if you want other people to access your services. Eventually you will have to pay for a VPN that allows port forwarding or a VPS with a Dedicated IP.

  • Have any public IPv6 address available?
    If not, you can request one from your ISP.
