this post was submitted on 23 Oct 2023
19 points (91.3% liked)

Selfhosted

40201 readers
914 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

Hi. I have just started my journey. How do I direct incoming traffic to my minipc? I have received a static ip from my isp but their router does not have any settings exposed to end users. Is this possible to do without touching the router?

Edit: Thanks all for valuable feedbacks. The router they provided had a different superadmin account which had the settings like NAT, DMZ etc. Also it is able to work in bridge mode. So I can add my own router if I need some additional functionality. Will be tinkering a lot in coming days. So hopefully, I get some more insights into it.

top 13 comments
sorted by: hot top controversial new old
[–] lemmyvore@feddit.nl 17 points 1 year ago* (last edited 1 year ago) (2 children)

By default a router would reject all incoming connections. Your alternatives are:

  • Configure the ISP router to forward a port.
  • Configure the ISP router to set your own router or PC as DMZ, which means forwarding all connections.
  • Configure the ISP router to work in bridge mode rather than router mode, meaning it will act as if it wasn't there (but will still login to the ISP connection) and let your own router or PC handle things.
  • If you cannot configure the ISP router in any way, only solution remains to replace it with your own router. Whether this will work depends on how it connects to the ISP (both the physical connection type and the login).

It doesn't make sense for the ISP to allocate a static public IP without letting you make any configuration to use it, so perhaps talk to them to figure out your options.

[–] CosmicTurtle@lemmy.world 5 points 1 year ago

In addition, you don't need a static IP in order for you to get access to your home network. It helps if you don't want to run a script to auto-update your DNS, but not required.

Focus on port forwarding because that's going to be the key to getting secured access.

[–] droidfone@lemmy.world 4 points 1 year ago

Thanks a lot for the info. It let me to the solution. Talking to ISP about above settings, I was made aware of another superadmin account for router that made it possible.

[–] WeirdGoesPro@lemmy.dbzer0.com 3 points 1 year ago (1 children)

I know there are higher orders of nerds than me who will have some supremely elegant solution, but you identified as a beginner, so here are my two cents:

Going the static IP route and directly exposing your server to the outside world is a potentially major security hazard unless you know what you’re doing. Especially when getting started, it may be a good idea to consider using a router with built in VPN capabilities for accessing your network remotely when you need SSH access, or other maintenance tools.

Media serving software like Plex and Jellyfin will be able to serve content without the VPN just fine, and it will keep your more vulnerable controls behind your network security as you are learning and getting things set up. As you get more experienced and ambitious, then you can consider exposing your setup to the outside world, but be sure to put in security safe guards so you don’t get brute forced by bots like a back alley cyborg hooker.

VPN routers are cheap, security breaches are not.

I consider myself at a somewhat moderate level of proficiency at this point, but I still use the VPN system for my server because I never have to worry about it. It takes two seconds to check the OpenVPN toggle if I’m away from home and need to restart something, but 99% of the time, the content servers just work and my major maintenance can wait until I’m on the same network.

[–] droidfone@lemmy.world 2 points 1 year ago (1 children)

That was very helpful info at this stage. Thanks a lot for this.

[–] WeirdGoesPro@lemmy.dbzer0.com 1 points 1 year ago

Glad it helped! I didn’t want to derail your plan if you knew what you were doing, but your question reminded me of when I was first starting, so I wanted to provide a beginner friendly solution in case you needed it.

[–] sj_zero@lotide.fbxl.net 3 points 1 year ago

My ISP had the same problem, ultimately I was able to convince them to let me use my own router. In doing that, I was able to at first use a standard off the shelf router and later a pfsense firewall to handle NAT that exposed my servers to the outside world.

Before I was able to do that, I was pretty convinced I wasn't going to be able to self host. There are other options, such as special VPNs for self-hosting, but that's not really the point, is it?

[–] giddy@aussie.zone 2 points 1 year ago (2 children)

Sorry just re-read your post. So the router they supplied does not have this setting? What make and model is it?

[–] AtmaJnana@lemmy.world 1 points 1 year ago

Not sure about OP. Altice/Suddenlink doesn't let you have access. The garbage modem/router/wifi combo they send out is locked down and they won't give you access to the admin interface. Shitty comoany.

[–] droidfone@lemmy.world 1 points 1 year ago

Thanks. I updated the post with more info. Its an unknown local brand which modifies chinese product. Some settings are still in chinese and there is no documentation.

[–] Decronym@lemmy.decronym.xyz 1 points 1 year ago* (last edited 1 year ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
DNS Domain Name Service/System
IP Internet Protocol
NAT Network Address Translation
Plex Brand of media server package
SSH Secure Shell for remote terminal access
VPN Virtual Private Network

6 acronyms in this thread; the most compressed thread commented on today has 9 acronyms.

[Thread #233 for this sub, first seen 23rd Oct 2023, 13:15] [FAQ] [Full list] [Contact] [Source code]

[–] hperrin@lemmy.world 1 points 1 year ago

You need to forward ports to your minipc, so it sounds like you need a different router.

[–] giddy@aussie.zone 0 points 1 year ago

Do you have a modem? You should be able to configure port forwarding in that