I’m a beginner in networking things but due to my ISP I can only open a certain range of ports in my router to be accessible from the outside of my network (something like ports 11000-11500).
That means I can’t open port 443 to access my reverse proxy from the outside. Is it possible to redirect all traffic that’s coming from one of the ports in the range to port 443 of my server?
I haven’t found that possibility in my router (Fritzbox 7530) so is there a way to do this on my server (running Fedora Server)?
You must log in or register to comment.
Get a cheap VPS on digital ocean, and make a wireguard tunnel from there to your server. Then you don’t need any open ports on your home network
This is what I do. I have a VPS that handles all the 443 traffic and then proxies it back to my home server on the correct port. I also just serve some things directly from the VPS since I have it already. It also works well to have a second box for things like uptime monitoring.
And one can prototype this for free by using something like localhost.run or ngrok.com
At the firewall level, port forwarding forwards traffic bound for one port to another machine on your network on an arbitrary port, but the UI built on top of it in your router may not include this.
If it’s not an option in your Fritzbox, your options are:
- Make the service running on your internal network listen on one of those high-number ports instead.
- Introduce another machine on the network that also performs NAT between your router and your machine
- Try to access the underlying firewall in your router to tweak the rules manually. Some routers have an admin console accessible via telnet or SSH that may allow this.
- Get a new router.
The first and last options on this list are probably the best.
What exactly are you serving? Chances are you can change the listening port.
Yes that is possible. You can select in the UI that port A forwards to local Host B to Port B.
deleted by creator
You could’ve only posted less info if you hadn’t posted at all…
Edit: Anyone who downvotes me here: This comment I commented doesn’t specifiy which UI of which software therefore it’s a pretty useless comment.
- you are not entitled to an answer by anyone.
- you are already there. Your router does support that, you just need to select it in the UI.
deleted by creator
The reasonable way to approach this problem would have been to ask a follow up question, rather than bitching at someone for not answer in the exact format you required. You’re the beggar here, you get zero fucking say in how much or how little people choose to help you.
So, here’s a page from the online manual that specifies how to do this specifically for the FritzBox 7530
Based on the original post though I am 100% sure that OP has already seen this page, already tried it, and therefore knows that the warning under 2.10.b. applies to the OP’s case (i.e. FritzBox doesn’t allow it from UI because the ISP doesn’t allow it - that honestly had me wondering just how the FritzBox knows the ISP doesn’t allow it, but that’s a different topic).
that honestly had me wondering just how the FritzBox knows the ISP doesn’t allow it, but that’s a different topic
Because the Fritzbox uses a DS-Lite tunnel.
Because the Fritzbox uses a DS-Lite tunnel.
Thanks, that pointed me in the right direction!
If I’m understanding https://en.avm.de/service/knowledge-base/dok/FRITZ-Box-3490/1611_What-is-DS-Lite-and-how-does-it-work/ and https://superuser.com/questions/1301857/using-pcp-port-control-protocol-in-practice correctly it seems that it’s technically via PCP (Port Control Protocol) that this is known, rather than DS Lite per se, but also that PCP only comes into play here because DS Lite is being used.
(Why point out the distinction? For future readers. I can imagine some braindead ISP somewhere (likely a super cheap reseller) offering DS Lite but then not knowing about PCP, and either not offering port forwarding at all - or they do but you have to fill out a form and snail mail them and then they snail mail you back a printed letter containing a list of port mappings.)
Short answer, yes, you can forward port 11500 to port 443, but it means you’ll have to go to www.yourdomain.com:11500 and this may or may not work great with you applications inside the network depending on how they are set to run.
That’s what I thought.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters IP Internet Protocol NAT Network Address Translation SSH Secure Shell for remote terminal access VPS Virtual Private Server (opposed to shared hosting)
[Thread #949 for this sub, first seen 3rd Sep 2024, 14:45] [FAQ] [Full list] [Contact] [Source code]
If you are hosting for yourself, you can use something like Tailscale to access your server from outside.
