My isp dont allow to open ports

[WarLion]

Hi guys I got a problem I just change ISP today and I decide to open the port 8080 to access my domoticz via internet but I just find out my ISP don't allow to open any ports is a double Nat. Already call support and there's nothing they can do , my question is you guys know any other way to portforwarding on a rpi. Any software. I can use paid or free,

Thanks in advanced

[mpx2]

Remote Forwarding
https://www.ssh.com/ssh/tunneling/examp ... Forwarding

And you need to figure out how to reconnect your ssh connection automatically.


-------------------------------------------------

autossh
https://jerrygamblin.com/2016/04/23/per ... spberrypi/

[WarLion]

thanks @mpx2 i will take a look of that , also i was reading about vpn like airvpn , havent try yet , but reading the forum say they got problem with RPI , any one knows other one that can offer that but fuly working with Rpi?

thanks a lot

[FireWizard]

Hello WarLion,

I do not understand your question. Let me explain.
You say that your ISP does not allow you to open a port, in your case you want to open port 8080.
You talk also about double NAT.

If your RPi is installed in a network that is behind double NAT it means that the communication to the Internet has to pass two routers,
one probably owned by your ISP, the other one privately owned.
The ISP does not allow you to open port 8080 in his router, but what can you do in yours?

Another question
Is it a good plan to open port 8080, which is the http port for Domoticz, and so give the whole world access to your Domoticz?
I do not want to give everybody access to my sensor and switches.

Probably you do not want to open that port on your routers, but you want to do port forwarding from the outside world to your Domoticz.
That means that your outside port 80 is routed to port 8080 on your privately owned router. It's better but still a security issue.

I would recommend to configure a VPN server, e.g. on another Raspberry PI and that you create access to that VPN server to your local network.
Then you connect to your Domoticz. That is the way I do it.

See: http://www.pivpn.io

Another solution is to use MyDomoticz. See: https://www.domoticz.com/wiki/MyDomoticz

Regards

[oredin]

Hi,

Take a look at https://ngrok.com/. I tried it on a RPI B+ and it worked like a charm. The paid version allows you to use a fixed domain name if you want.

I don't use it anymore since I have my own vpn network but the product is quite nice from what I saw.

Regards

[WarLion]

If your RPi is installed in a network that is behind double NAT it means that the communication to the Internet has to pass two routers,
one probably owned by your ISP, the other one privately owned.
The ISP does not allow you to open port 8080 in his router, but what can you do in yours?

Another question
Is it a good plan to open port 8080, which is the http port for Domoticz, and so give the whole world access to your Domoticz?
Another solution is to use MyDomoticz. See: https://www.domoticz.com/wiki/MyDomoticz

Regards

hi @FireWizard
thanks for you reply

answering your question about my double nat that's correct , in my country many ISP had this configuration only one offer full access , i got that on my house, and works amazing , but i need one for a remote location ,

i know about security issue about giving access to the world, but this is a concept first if i can manage this,

about the vpn server i just finish researching vultr.com and i think i got it , will try that on a different rpi , to test just now

i will have a look on PIVPN thanks for the subjection

about mydomoticz i use mydomoticz before and works great but i find out that is down frequently , so i stop using it,

[WarLion]

Hi,

Take a look at https://ngrok.com/. I tried it on a RPI B+ and it worked like a charm. The paid version allows you to use a fixed domain name if you want.

I don't use it anymore since I have my own vpn network but the product is quite nice from what I saw.

Regards

hi @oredin thanks for the info i will look at it as well

thanks a lot you guys

[knielen]

Maybe your ISP does allow you to put the modem in bridge mode and then you can use your own router for port forwarding

[emme]

who's the provider?
in Italy we have a provider (Fastweb) that uses NAT_pool

The solution is to ask your provider a public IP directly configured to your router (that's normally configured as an alias), after such config, you will be able to open NAT

If you have a 3/4G connection, you are probably in this condition.

If you use Vodafone with Huawei IAD, they revoked ports 8080,8088, 9090, more, you cannot access your LAN using your dDNS (you cannot access your LAN form your LAN using your external Address), this is quite annoying in case you want to create SSL certificates

[Solderbro]

That's interesting, have a DS-Lite Line here. Where IPv4 is a tunnel trough a CGNAT server at the carrier who also did not forward any ports to me. But the IPv6 is a real end2end line and with a pinhole in my own router it would be possible to reach an open port.

Many phone carrier give dualstack to mobile phones, only the APN must be changed.

The stable seems to deal with IPv6, i can say that it do or prefer it here

2019-07-22 17:48:17.211 Status: Login successful from fd68:1405:xxxx:xxxx::140 for user 'username'
2019-07-22 17:48:17.211 Status: Incoming connection from: fd68:1405:xxxx:xxxx::140

Solderbro