If you've ever tried to host a web or game server, you might have noticed that it works fine on your local network, but accessing it from your public IP doesn’t work, which is kinda frustrating. The internet is supposed to be an interconnected network of computers, right? So what's blocking the connection?
By default, most routers block all incoming connections for security reasons. You'll need to manually open (port forward) the required ports to your server. This typically means going into your router’s settings and setting up a rule that directs traffic on a specific port to your server’s local IP address.
To check if your port is open, you can use websites like canyouseeme. or some command line tool if you're a nerd.
If you've already forwarded ports but it's still not working, there are two more possibilities:
Some ISPs block certain ports to reduce their abuse or enforce some policy—most commonly, SMTP (Port 25) and HTTP (Port 80).
You can try different ports or contact your ISP and ask if the ports are blocked. Some ISPs will unblock them if you ask nicely.
If your ISP uses CGNAT, you're sharing one public IP with multiple customers. It’s like NAT on your home router, but on a larger scale. You can check by comparing your router’s WAN IP address with your public IP. If they’re different, you’re likely behind CGNAT.
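The WAN-versus-public comparison described above, as an added Python example that is not part of the original post. It goes slightly beyond the text by also recognising the 100.64.0.0/10 range that RFC 6598 reserves for carrier-grade NAT and the RFC 1918 private ranges; the function name and the sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT.
CGNAT_RANGE = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: a WAN address here means another NAT sits upstream.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(wan_ip: str, public_ip: str) -> str:
    """Compare the router's WAN address with the address the internet sees.

    wan_ip:    value shown on the router's status page
    public_ip: value reported by an external "what is my IP" service
    """
    wan = ipaddress.ip_address(wan_ip)
    public = ipaddress.ip_address(public_ip)
    if wan.version != 4 or public.version != 4:
        raise ValueError("CGNAT check applies to IPv4 addresses only")
    if wan == public:
        return "direct"            # router holds the public IP itself
    if wan in CGNAT_RANGE:
        return "cgnat"             # ISP handed out shared address space
    if any(wan in net for net in RFC1918):
        return "private-upstream"  # double NAT: ISP NAT or a second router
    return "different-public"      # mismatch, e.g. a VPN or proxy in the path


if __name__ == "__main__":
    # Constructed sample pairs (documentation and reserved ranges only).
    samples = [
        ("203.0.113.10", "203.0.113.10"),
        ("100.72.14.3", "203.0.113.10"),
        ("192.168.1.2", "203.0.113.10"),
        ("198.51.100.7", "203.0.113.10"),
    ]
    for wan, public in samples:
        print(f"WAN {wan:<15} public {public:<15} -> {classify_wan(wan, public)}")
```

Only the "direct" result means a port forward on your own router can be reached from outside; with "cgnat" or "private-upstream" the forward stops at a device you don't control.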
So what can you do?
This is where tunneling comes in. Tunneling forwards traffic from the internet to your server through a third-party server that does have a public IP. Nothing can stop you if you tunnel—not your router, nor your ISP.
You can either:
Check out this awesome list of tunneling applications and services
My favourite options that I personally use are:
It works really well, completely free with a couple of caveats:
Very easy to set up, can tunnel pretty much everything. You are limited to 2 agents, 4 UDP, and 4 TCP ports on the free plan.
VPN Provider Port Forwarding: If you're paying for a good VPN service, it's possible that they offer port forwarding. It can be limited, and your options differ between providers. It can be useful if your service is flexible with port numbers, like torrent clients.
VPS Proxy: If you own a VPS, instead of self-hosting a tunneling server, you can use it as a proxy server to relay all of your traffic through it and use its public IP as your own. This can be quite insecure, as you're exposing all the ports on your device to the internet.
Be aware that this setup is not secure. Running numerous services on a publicly accessible network increases your exposure to potential hacks and exploits, especially if vulnerabilities exist in any of those services. To mitigate this risk, it's advisable to implement system hardening measures. Alternatively, if you're the only one accessing these services, consider setting up a VPN for secure remote access.