Specialized online space for fixed public IP port forwarding – enabling remote connections
Specialized online space for fixed public IP port forwarding – enabling remote connections
I reside in Indonesia, and things might vary there. What I need is to open a port so I can reach my server from afar. Since your ISP offers a modem/router, you should ask them to forward the port privately. They may say it’s only for private use, which blocks direct internet access. To bypass this, upgrading to a dedicated plan would be necessary—typically aimed at larger businesses and costly. Yet I already have CCTV access, so something feels off. Is this typical? Or is there another way? Another idea is using a VPN to connect to the server, but that also seems problematic. Perhaps it’s the same reason. Looking for advice on getting remote access. I might upgrade if required, but it doesn’t seem essential right now.
Avoid exposing webUI to the internet. These systems aren’t meant to face constant bot attacks. Consider Tailscale—a VPN that works without opening ports and bypasses CG-NAT or other NAT solutions.
We have used all available IPv4 addresses. Many ISPs in your area employ Carrier Grade NAT, which means you share an IP with numerous other users. Since port forwarding operates on a per-port basis, only one device can access each port at any given time.
Tailscale was my initial option as well, but it didn’t work out. This suggests there might be an issue. It could be because I’m using two routers with separate LANs, and one is interfering via the firewall. I plan to switch the second router into a bridge so only one LAN remains active.
I gathered a domain setup with Cloudflare CNAME and DuckDNS linked to it. Despite that, nothing appears. As discussed earlier, my plan is to set up a bridge network and check if it helps. I want to avoid port forwarding unless using Cloudflare or a VPN.
You have two routers to handle the complexity, but for Tailscale this shouldn’t be an issue. A standard VPN needs port forwarding, which a normal setup would require. The Cloudflare zero trust tunnel works too—it connects from your LAN to Cloudflare and then forwards traffic. It’s useful because it lets you manage access without changing your usual configuration. What are you actually trying to reach from the outside?
Tailscale functions well for connecting to a machine hosting the Tailscale server software. A Cloudflared private network is required to reach other devices on the local area network that can't run Tailscale. If the second router supports a VPN server, it might offer an alternative method to utilize your ISP's port forwarding to the main router, allowing access for all LAN clients.
You're asking about how to handle network connections without bridging. Let's simplify:
1. The idea is to avoid connecting directly between devices. Instead, you'd set up a VPN server on one router and forward traffic through it.
2. You mentioned using an RT-AC88U router, which is powerful. You're trying to run Tailscale on Unraid with the Tailscale app on your Windows device, enabling exit node mode.
3. Then you plan to forward ports from the ISP router to the second router that's handling the VPN. You're unsure whether you're targeting specific ports like 443 or Tailscale's own ports.
4. The goal is to let the ISP see only the router itself, not the devices on the second LAN, and ensure the correct protocol is used for the connection.
I might have misread your first message. You believed your ISP permitted port-forwarding through their CG-NAT setup so you could access a particular port on their shared public IP. However, upon rechecking, it appears their explanations were unclear, since port forwarding wouldn't matter if they can't do it via CG-NAT. That leads me back to Cloudflare Zero Trust.
Yesterday I achieved some progress. With Twingate it was extremely easy to configure. Gave me immediate remote access to the Unraid GUI. It lets me assign an IPV4 address that I used in the Unraid interface. Unfortunately, I’m still unable to replicate that with Nextcloud. The main issue I observed was that only specific ports were open on the assigned IPV4 range. Since my default port was 8666, I attempted to change it to a single or double digit number, but access remained blocked. I also tried implementing Cloudflare Zero Trust, which shares a similar architecture. However, it feels more complex and not as straightforward as Twingate. With Twingate you simply install their software on your device—whether Android or Windows—I just log in and it connects automatically. In both cases, I added the device as a Docker container in Unraid, which makes sense because it should connect to Unraid. But how do I link it to another Docker instance on Unraid? There must be a way to specify the target. I’m certain I’m doing something wrong. Also worth mentioning is that Cloudflare’s file transfer limit is 100MB, which seems to make this task impractical for me.