1

I have a ISP that provides me only the ports after 1024 so I forwarded the port 1665 to receive ssh connections. Using the WAN IP they provide me I can only get connections from users from the same ISP.
This looks like I am kinda "trapped" in a big LAN. In this case how can I receive ssh connections from outside this ISP?

Obs.: I unsuccessfully tried to use all the IPs given by https://myip.com.

Felipe Lincoln
  • 15
  • 3

2 Answers2

3

Most likely your operator is using Carrier Grade NAT to have more customers per public IP.

If your WAN address starts with 100.64 - 100.127, it means your operator is using CGNAT.

With CGNAT, it is impossible to host any services to public internet.

You need to either use IPv6 or switch to an operator that does not use CGNAT.

Tero Kilkanen
  • 36,796
  • 3
  • 41
  • 63
  • Looks like it's my case.. How can I work with IPv6 them? – Felipe Lincoln Jun 05 '20 at 14:23
  • Your operator needs to provide your IPv6 connectivity, and then you need to also have IPv6 connectivity on devices you want to use for connecting to your server. – Tero Kilkanen Jun 05 '20 at 15:17
  • I just contacted my operator and they deactivated the CGNAT for my router (this is what they told me, I don't really understand it much) and I finally managed to hold outside connections through ssh. – Felipe Lincoln Jun 05 '20 at 17:06
1

The big question is if you have a truly public IP assigned to you or are you behind your carrier's NAT. If it's the first, you should be able to connect to your router from anywhere outside of your network. You can see if it's a public IP or carrier NAT by looking through your router's configuration and checking if the public IP it has matches the one a "what's my ip" search would give you. NAT IPs usually start with 100.xxx.xxx.xxx. You can also call your ISP and tell them you need a public IP because you installed security cameras in your house and need to access them from the outside (this is actually really effective).

If there is no option to have a public IP for you, you can check out NGrok, they give you a "reverse tunnel" that enables you to connect to any host in any network.

Chris
  • 318
  • 1
  • 5
  • 1
    I am asking my ISP to provide me an public IP, let's see if I can get one. I didn't know NGrok and it match the exact behaviour I am trying to reach using ssh, I will give it a try. Thank you for the information! – Felipe Lincoln Jun 05 '20 at 14:26
  • 1
    Both your solutions works! Ngrok is the best way to get things done in seconds! And asking my provider also did work. They disabled CGNAT and now my WAN IP matchs my public IP and I am able to host a ssh server. – Felipe Lincoln Jun 05 '20 at 17:16