ISP not offering port forwarding anymore

https://lemmy.world/post/802336

ISP not offering port forwarding anymore - Lemmy.world

Hello everyone, I would need some advice on my setup. I had an ISP with basic DSL 60/20Mbps and I was hosting my services at home with SWAG as a main proxy, opening the ports. I ordered 2 days ago a plan with a new ISP for a 1Gbps line, that offered port forwarding as well. The installation was done today and it turns out they retired the port forwarding on my offer yesterday. I can see potentially 3 choices:

1) Stay with the old ISP and the slow-ish line. My main issue was the uplink speed that made off-site backup a pain.
2) Go with the new ISP but order the higher speed plan that is £25/month more expensive, and without a proper guarantee that they will keep offering the port forwarding.
3) Use the non-port forwarding option, but rent a small VPS that would act as a front-end (through zerotier/tailscale/direct wireguard), paying a small latency cost when accessing remotely.

I am not fully sure about the pros and cons of the different ways on the last option. I would be keen on keeping my home server fully capable, the point of me self-hosting being to cope with temporary disconnection at home. But then you can either have an iptables routing in the VPS to forward everything on the used port, or have another nginx proxy there to redirect everything. And I am not fully sure VPS providers are generally OK with this kind of use. Has anyone got a similar setup to option 3 and would have some advice?

I would cancel the new ISP on principle. Fool me once shame on you, if they fool me twice it's on me. I wouldn't give them the opportunity to fuck me again.
Indeed, the way they did that makes me quite angry. But at the same time, that's 1Gbps vs 20Mbps upload, and I was struggling with the limitation when working from home sometimes. The new one is also cheaper so if the tunneling option works without too much pain, I'd be willing to give it a go.
I have TMobile internet so port forwarding as far as I can tell is not possible unless I go with a business plan, and in my experience cloudflare tunnels are extremely slow.
Your ISP gives you 1Gbps but doesn’t give you your own IP so you need port forwarding?

Do you have IPv6? Just let your service’s IP/port through the firewall.

(If you have no IPv6 but CGNAT, the ISP is bad…)

Have you considered keeping both plans? You said it was a different ISP; DSL and fiber use different cables so it may be possible. Depending on what you're after, this may be a fun project for tying two lines together.
I did consider it, and I have not cancelled the old one yet. But that becomes more expensive than migrating to the higher end plan without CG-NAT of the provider.
Do they not offer an opt-out of CG-NAT? Or a surcharge for a static IP?
No dedicated opt-out offered, but I can migrate to the 3Gbps plan that is not using CG-NAT (for now...) But that is £25/month more expensive. That's a nice VPS.
I think 25 euro more for a 3gig non-cgnat plan is worth it. But I’m Australian and paying $150aud per month for 1000/50 (or $200 for 250/100 if i wanted) so I’m not the best judge of value. I’ve been long propagandised into thinking decent internet is a luxury for large tech corporations only.
Slap CloudFlare tunnel in front of your web services and call it quits?

I have about 25 letsencrypt certificates on the same domain, so that is definitely not an issue.

A couple thoughts for you. I have a wonderful local fiber ISP and when I got hooked up, I discovered they were doing CG-NAT on residential connections. I called up and asked if I could have a public IP to host services and they just immediately gave me one. Definitely not the stereotypical ISP interaction, but if you haven’t already tried asking politely, it might be worth a shot.

On the last item, yes, letsencrypt lets you get certs for the same domain from multiple hosts, but I’ll often use a self-signed cert on the host and then get the public-facing cert at the reverse proxy level. No need to coordinate copying certs over in most cases.

IPv6 is a viable option. Depending on how you set things up, you'd have to firewall the devices pretty well, as in IPv6 devices are exposed to the internet. All open ports would be accessible.
If your self-served stuff is just for you or family, I use tailscale for that. Nothing publicly enabled, have to be in the tailscale net to access.