Hi. I have just started my journey. How do I direct incoming traffic to my minipc? I have received a static ip from my isp but their router does not have any settings exposed to end users. Is this possible to do without touching the router?
Edit: Thanks all for valuable feedbacks. The router they provided had a different superadmin account which had the settings like NAT, DMZ etc. Also it is able to work in bridge mode. So I can add my own router if I need some additional functionality. Will be tinkering a lot in coming days. So hopefully, I get some more insights into it.
By default a router would reject all incoming connections. Your alternatives are:
- Configure the ISP router to forward a port.
- Configure the ISP router to set your own router or PC as DMZ, which means forwarding all connections.
- Configure the ISP router to work in bridge mode rather than router mode, meaning it will act as if it wasn’t there (but will still login to the ISP connection) and let your own router or PC handle things.
- If you cannot configure the ISP router in any way, only solution remains to replace it with your own router. Whether this will work depends on how it connects to the ISP (both the physical connection type and the login).
It doesn’t make sense for the ISP to allocate a static public IP without letting you make any configuration to use it, so perhaps talk to them to figure out your options.
In addition, you don’t need a static IP in order for you to get access to your home network. It helps if you don’t want to run a script to auto-update your DNS, but not required.
Focus on port forwarding because that’s going to be the key to getting secured access.
Thanks a lot for the info. It let me to the solution. Talking to ISP about above settings, I was made aware of another superadmin account for router that made it possible.
My ISP had the same problem, ultimately I was able to convince them to let me use my own router. In doing that, I was able to at first use a standard off the shelf router and later a pfsense firewall to handle NAT that exposed my servers to the outside world.
Before I was able to do that, I was pretty convinced I wasn’t going to be able to self host. There are other options, such as special VPNs for self-hosting, but that’s not really the point, is it?
I know there are higher orders of nerds than me who will have some supremely elegant solution, but you identified as a beginner, so here are my two cents:
Going the static IP route and directly exposing your server to the outside world is a potentially major security hazard unless you know what you’re doing. Especially when getting started, it may be a good idea to consider using a router with built in VPN capabilities for accessing your network remotely when you need SSH access, or other maintenance tools.
Media serving software like Plex and Jellyfin will be able to serve content without the VPN just fine, and it will keep your more vulnerable controls behind your network security as you are learning and getting things set up. As you get more experienced and ambitious, then you can consider exposing your setup to the outside world, but be sure to put in security safe guards so you don’t get brute forced by bots like a back alley cyborg hooker.
VPN routers are cheap, security breaches are not.
I consider myself at a somewhat moderate level of proficiency at this point, but I still use the VPN system for my server because I never have to worry about it. It takes two seconds to check the OpenVPN toggle if I’m away from home and need to restart something, but 99% of the time, the content servers just work and my major maintenance can wait until I’m on the same network.
That was very helpful info at this stage. Thanks a lot for this.
Glad it helped! I didn’t want to derail your plan if you knew what you were doing, but your question reminded me of when I was first starting, so I wanted to provide a beginner friendly solution in case you needed it.
Sorry just re-read your post. So the router they supplied does not have this setting? What make and model is it?
Thanks. I updated the post with more info. Its an unknown local brand which modifies chinese product. Some settings are still in chinese and there is no documentation.
Not sure about OP. Altice/Suddenlink doesn’t let you have access. The garbage modem/router/wifi combo they send out is locked down and they won’t give you access to the admin interface. Shitty comoany.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters DNS Domain Name Service/System IP Internet Protocol NAT Network Address Translation Plex Brand of media server package SSH Secure Shell for remote terminal access VPN Virtual Private Network
6 acronyms in this thread; the most compressed thread commented on today has 9 acronyms.
[Thread #233 for this sub, first seen 23rd Oct 2023, 13:15] [FAQ] [Full list] [Contact] [Source code]
You need to forward ports to your minipc, so it sounds like you need a different router.
Do you have a modem? You should be able to configure port forwarding in that