17

I'm a beginner in networking things but due to my ISP I can only open a certain range of ports in my router to be accessible from the outside of my network (something like ports 11000-11500).

That means I can't open port 443 to access my reverse proxy from the outside. Is it possible to redirect all traffic that's coming from one of the ports in the range to port 443 of my server?

I haven't found that possibility in my router (Fritzbox 7530) so is there a way to do this on my server (running Fedora Server)?

all 18 comments
sorted by: hot top controversial new old
[-] funkajunk@lemm.ee 17 points 2 months ago

Get a cheap VPS on digital ocean, and make a wireguard tunnel from there to your server. Then you don't need any open ports on your home network

[-] wjs018@lemmy.world 2 points 2 months ago

This is what I do. I have a VPS that handles all the 443 traffic and then proxies it back to my home server on the correct port. I also just serve some things directly from the VPS since I have it already. It also works well to have a second box for things like uptime monitoring.

And one can prototype this for free by using something like localhost.run or ngrok.com

[-] danielquinn@lemmy.ca 6 points 2 months ago

At the firewall level, port forwarding forwards traffic bound for one port to another machine on your network on an arbitrary port, but the UI built on top of it in your router may not include this.

If it's not an option in your Fritzbox, your options are:

  • Make the service running on your internal network listen on one of those high-number ports instead.
  • Introduce another machine on the network that also performs NAT between your router and your machine
  • Try to access the underlying firewall in your router to tweak the rules manually. Some routers have an admin console accessible via telnet or SSH that may allow this.
  • Get a new router.

The first and last options on this list are probably the best.

[-] 0x0@programming.dev 5 points 2 months ago

What exactly are you serving? Chances are you can change the listening port.

[-] ShortN0te@lemmy.ml 5 points 2 months ago

Yes that is possible. You can select in the UI that port A forwards to local Host B to Port B.

[-] lorentz@feddit.it 4 points 2 months ago

Yes, you can do it on your server with a simple iptable rule.

I'm a little rusted, but something like this should work.

iptables -t nat -A PREROUTING -d [your IP] -p tcp --dport 11500 -j DNAT --to-destination [your IP:443]

You can find more information searching for "iptables dnat". What you are saying here is: in the prerouting table (ie: before we decide what to do with this packet) tcp connections to my IP at the port 11500 must be forwarded to my IP at port 443.

[-] nichtburningturtle@feddit.org 2 points 2 months ago

If you are hosting for yourself, you can use something like Tailscale to access your server from outside.

[-] Decronym@lemmy.decronym.xyz 2 points 2 months ago* (last edited 2 months ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
IP Internet Protocol
NAT Network Address Translation
SSH Secure Shell for remote terminal access
VPS Virtual Private Server (opposed to shared hosting)

[Thread #949 for this sub, first seen 3rd Sep 2024, 14:45] [FAQ] [Full list] [Contact] [Source code]

[-] bmcgonag@lemmy.world 2 points 2 months ago

Short answer, yes, you can forward port 11500 to port 443, but it means you’ll have to go to www.yourdomain.com:11500 and this may or may not work great with you applications inside the network depending on how they are set to run.

[-] Tywele@lemmy.dbzer0.com 0 points 2 months ago

That's what I thought.

this post was submitted on 03 Sep 2024
17 points (75.8% liked)

Selfhosted

39905 readers
319 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS