20
submitted 3 months ago* (last edited 3 months ago) by tomsh@lemmy.world to c/selfhosted@lemmy.world

Hello,

I have a Nextcloud server installed at home that works well on my LAN network, but when I try to make the server accessible via a DynDNS service, I cannot connect to it. The request doesn't even reach my server. My question is whether the router immediately blocks the request, because when I set the router to be accessible (it has separately that option), I can connect without any issues over dyndns url. Could my ISP (O2) be blocking it? I can confirm that it's not a firewall issue, and it's also not because I'm connected to the same WiFi as the server. It's not a port forwarding issue either, as I've gone through all possible options. My router is a Fritzbox 6660, and there are no logs indicating that a request has even come through.

My second question is whether this is even allowed in Germany? Also, I've noticed that my ISP rarely changes my IP address; in fact, I haven't seen it change at all in the past few months, which is strange because in my home country, it changed every 24 hours.

Edit: First, thank you all for your help. I will try your suggestions over the course of this week or month (due to time-related issues :) and will report back with the results. Since I am clearly a noob when it comes to self-hosting and I plan to have only a Nextcloud server for personal use, what is the best way to secure the system in these situations and allow only certain devices to access it over the external network? (if I ever manage to access it at all)

top 28 comments
sorted by: hot top controversial new old
[-] fiddlesticks@lemmy.dbzer0.com 8 points 3 months ago

Having been in this same position I think I can help, you are almost definitely being cgnat which means that you do not have your own ipv4. The two workarounds I used for this are to use only ipv6 which is public but means you can't always access it from older networks. And the second solution is to wireguard tunnel to a free oracle VM and use it as a proxy.

[-] hendrik@palaver.p3x.de 7 points 3 months ago* (last edited 3 months ago)

If you google it, you'll find lots of similar questions for O2. I think you have to contact their customer support and get that activated once.

And have a look at your IPv4 and IPv6 addresses. Sometimes you can do it via IPv6 already, just not over IPv4 because there is some translation in the way. (In case they want too much money to give you a real IPv4 address.)

Maybe you can try if you can open your FritzBox UI from the outside with your my.fritz address. I think that has IPv6 and a port forward in place (if activated).

And btw: It's perfectly fine to do it. People need storage and online collaboration. Access to their data while away.

[-] Appoxo@lemmy.dbzer0.com 1 points 3 months ago

The myfritz can communicate with the fritzbox but trying to connect directly (as it's not proxied) from IPv4 only will fail as well.

[-] hendrik@palaver.p3x.de 1 points 3 months ago

Isn't myfritz plain old IPv6 directly to the router without any proxying or tunneling? If yes, communication would mean IPv6 packets make their way through the ISP to the router.

[-] Appoxo@lemmy.dbzer0.com 1 points 3 months ago

Depends.
If you connect to the MyFritz proxy service (https://sso.myfritz.net/) from AVM, then no
If you access your own myfritz adress, then yes. (https://example123987wpvor.myfritz.net:12345)

But the only thing the myfritz page from AVM does is enable you to access some functions from the fritzbox like smart home stuff, your internet connection (type of connection, public IP, etc.)

[-] hendrik@palaver.p3x.de 1 points 3 months ago

Ah okay. I don't have a Fritzbox here. I suppose that does the trick. My idea was to use that to test if incoming IPv6 works. So disregard any services on the Fritzbox itself and just see if you can access it directly. And if yes, configure an IPv6 port forward to the NAS.

[-] Appoxo@lemmy.dbzer0.com 1 points 3 months ago

Moat likely.

[-] Cobrachicken@lemmy.world 7 points 3 months ago

Some German cable providers do internal NATting please check that yours does not.

[-] Appoxo@lemmy.dbzer0.com 2 points 3 months ago
[-] NeoNachtwaechter@lemmy.world 6 points 3 months ago

even allowed in Germany?

Yes.

works well on my LAN network, but when I try to make the server accessible via a DynDNS service

I guess your Fritzbox does NAT for your LAN. Then the dyndns address works only when the client is outside.

[-] Decronym@lemmy.decronym.xyz 5 points 3 months ago* (last edited 3 months ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
CGNAT Carrier-Grade NAT
DNS Domain Name Service/System
IP Internet Protocol
NAS Network-Attached Storage
NAT Network Address Translation

5 acronyms in this thread; the most compressed thread commented on today has 6 acronyms.

[Thread #950 for this sub, first seen 4th Sep 2024, 05:35] [FAQ] [Full list] [Contact] [Source code]

[-] blurry@feddit.org 5 points 3 months ago

Does your router indicate that you have DS-Light? I think O2 provides each customer DS-Light until they ask for a real IPv4.

To your second question: In case of DS-Light you don't need a new IPv4 IP every 24h because your IP is not public facing.

PS: I don't be sure, but the Fritz Remote Apps use IPv6 to ensure that they also work with DS-Light.

[-] anivia@lemmy.ml 5 points 3 months ago

Do you have o2 DSL, o2 fiber, or o2 cable/coax Internet? O2 cable does not have a public IPV4 address by default, you need to request one from customer service.

[-] filister@lemmy.world 4 points 3 months ago* (last edited 3 months ago)

Most likely you are under CGNAT, so your best bet is Tailscale, Wireguard, CloudFlare Tunnel or Zero Tier. Pick your poison.

[-] Appoxo@lemmy.dbzer0.com 2 points 3 months ago

Wireguard will only work if the cellular or ISP at, say the workplace, have an IPv6 adress or IPv4-to-6 translation

[-] filister@lemmy.world 1 points 3 months ago

Usually German ISPs are giving you IPv6.

[-] Appoxo@lemmy.dbzer0.com 1 points 3 months ago

This so much of a lie.
Only the usual suspects (new fiber ISPs, Vodafone/KabelBW and O₂) do and usually on the coax and fiber contracts.

[-] filister@lemmy.world 1 points 3 months ago

And that's the biggest ISPs, plus he can still use Tailscale or Zerotier and still be able to access his network. Plus IPv6 IPs should be easy to assign and won't be paid or limited.

[-] Appoxo@lemmy.dbzer0.com 2 points 3 months ago

You checked if you have a DS-Lite contract? Those are very popular. Especially with O2, Vodafone and the fiber ISPs.
The problem: You get only an IPv4 CG-NAT IP and a regular IPv6 IP. If your ISP (for example at work) did not configure an IPv6, you will not be able to connect (A and AAAA DNS records).
I assume you set up the port forwarding in your Fritzbox (under Internet > Freigaben > Portfreigaben)?
If it has the proper external port connected to your internal port it should connect.

[-] BentiGorlich@gehirneimer.de 2 points 3 months ago

I had the exact same problem and the solution was to ask my ISP who then either just gave me a public IP (Vodafone) or asked for money so my network could be reached from the outside (Primerocom). So check whether there is an option with you ISP to get a "public" IP.

[-] MaggiWuerze@feddit.org 2 points 3 months ago

Can you ping your domain? How about checking the DNS resolution? What DynDns do you use?

[-] Shimitar@feddit.it 1 points 3 months ago

You get a real IP? Its been cg-nat with every provider for the last many many years in Italy.

I got a cheap vps and just run some reverse tunnels to map ports from it to my home server going trough my cg-nat.

[-] tomsh@lemmy.world 1 points 3 months ago

The problem was with DS-Lite tunneling, as some users mentioned, and it only works over IPv6. However, now I have another issue. My entire family has access through their ISPs, but my cellular data ISP does not support IPv6. Is there any workaround that doesn't require me to look for a new ISP or asking for IPv4 address? 😀 By the way, thanks to everyone for the help!

[-] phlaym@discuss.tchncs.de 3 points 3 months ago

Had the same issue. I have a VM at a hoster which proxies requests to my nextcloud server at home. Both the VM and my server on my home network are connected via tailscale. I've been using the VM for other stuff as well and happened to have it anyways, I didn't get one just for this purpose

[-] tomsh@lemmy.world 1 points 3 months ago

Maybe I should first ask the cellular provider for IPv6, because I misspoke; they support it but haven't enabled it for me. If they provide it, then I won't currently have a need for IPv4, but thank you for the advice.

[-] mholiv@lemmy.world 2 points 3 months ago

i would just ask for an Ipv4 address. I asked Vodafone for one and they just gave it to me for free.

[-] wurstgulasch3000@lemmy.world 1 points 3 months ago* (last edited 3 months ago)

O2 charges 50 € for that last I heard

[-] mholiv@lemmy.world 1 points 3 months ago

That's insane. I would consider a ipv4 -> ipv6 cloud hosted haproxy style setup if this was my only option.

this post was submitted on 04 Sep 2024
20 points (95.5% liked)

Selfhosted

40767 readers
1623 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS