Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Forums2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, 2talk and Vocus)Reverse proxy using Pfsense HAProxy and Cloudflare behind CGNAT
gumdigger

428 posts

Ultimate Geek


#295753 20-Apr-2022 18:54
Send private message

I had a go at this and it hasn't worked in the first go, wondering if CGNAT complicate things?

Create new topic
Linux
9040 posts

Uber Geek

Trusted
Lifetime subscriber

  #2904524 20-Apr-2022 19:07
Send private message

Request a static IP and test

Affiliate link
 
 
 

Affiliate link: Norton 360 antivirus provides enhanced security for your connected devices, a secure VPN for online privacy, Password Manager, Firewall, SafeCam, PC Cloud Backup, Dark Web Monitoring, Parental Control, and more. An all-in-one cybersecurity solution backed by 100% Virus Protection Promise and 60 Day Money Back Guarantee.
freitasm
BDFL - Memuneh
74059 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2904538 20-Apr-2022 19:24
Send private message

What are you trying to achieve?




Support Geekzone by subscribing, making a donation. or using one of our referral links: Sharesies | Goodsync  | Mighty Ape | Norton 360 | Lenovo laptops 

 

freitasm on Keybase | My technology disclosure | Geekzone Blockchain Project

 

 

 

 

 

 

prat33k
114 posts

Master Geek


  #2904548 20-Apr-2022 19:44
Send private message

As others have mentioned, public facing static IP is required to achieve this. Either you ask 2degrees or do something like this below to create an outbound connection from your local network.

 

 

 

I can suggest something like this which is also free - 

 

- Sign up for free tier on oracle cloud. You can then setup a free linux box with a public IP for free. (If you think the specs are too low for this free tier vm then I can suggest $5 vm on linode.com)

 

- Setup Reverse Proxy and wireguard.

 

- On your local network, setup wireguard to connect to the cloud vm. 

 

- Route the requests from your vm to your local network using proxy and wireguard. 

 

Most things would work using this method but can't say for sure as you haven't mentioned your purpose for this.

 

 



aseni
51 posts

Master Geek


  #2904668 21-Apr-2022 09:13
Send private message

gumdigger:

 

I had a go at this and it hasn't worked in the first go, wondering if CGNAT complicate things?

 

 

CGNAT won't allow incoming connections to your public IP address because it's shared with multiple customers.

 

You can use Cloudflare Tunnel or ngrok to get around this.

 

 

 

Forgot to mention this:

 

Alternatively, you can use the server IPv6 address as the origin for Cloudflare, but you will need to update the configuration every time the address changes (not sure how often it happens on 2D as I use static, but could get a bit annoying).

freitasm
BDFL - Memuneh
74059 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2904715 21-Apr-2022 09:16
Send private message

aseni:

 

gumdigger:

 

I had a go at this and it hasn't worked in the first go, wondering if CGNAT complicate things?

 

 

CGNAT won't allow incoming connections to your public IP address because it's shared with multiple customers.

 

You can use Cloudflare Tunnel or ngrok to get around this.

 

 

That's why I asked @gumdigger what they want to achieve. It's the first question we should be asking. I can imagine but we are not certain because of no reply yet. But if they want external access to an internal service, Cloudflare Tunnel is most likely the answer. And free.




Support Geekzone by subscribing, making a donation. or using one of our referral links: Sharesies | Goodsync  | Mighty Ape | Norton 360 | Lenovo laptops 

 

freitasm on Keybase | My technology disclosure | Geekzone Blockchain Project

 

 

 

 

 

 

gumdigger

428 posts

Ultimate Geek


  #2904857 21-Apr-2022 14:20
Send private message

Hi All

 

solely for remote access to DVR WebUi, Heimdall etc. I use the free version of ngrok which works fine which is why I thought having a registered domain and standing up reverse proxy using PFsense+HA will work. 

aseni
51 posts

Master Geek


  #2904873 21-Apr-2022 15:11
Send private message

gumdigger:

 

solely for remote access to DVR WebUi, Heimdall etc. I use the free version of ngrok which works fine which is why I thought having a registered domain and standing up reverse proxy using PFsense+HA will work. 

 

 

ZeroTier might be a better option for you then, unless you REALLY need those publicly accessible on the Internet... 😬



gumdigger

428 posts

Ultimate Geek


  #2905032 21-Apr-2022 17:46
Send private message

are there any ngrok type solutions that allow you to use your own domain name, preferably free ? 

aseni
51 posts

Master Geek


  #2905033 21-Apr-2022 17:50
Send private message

gumdigger:

 

are there any ngrok type solutions that allow you to use your own domain name, preferably free ? 

 

 

Cloudflare Tunnel like I mentioned, just make sure you have proper security set up so your cameras don't end up on the Shodan.io gallery... 😅

michaelmurfy
/dev/ttys0
11000 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #2905046 21-Apr-2022 18:46
Send private message

Cloudflare Tunnel + Cloudflare Zero Trust Access.

 

Basically you install a service on your Linux box and this creates a connection over to Cloudflare. It is free of charge also for your use-case. Cloudflare Zero Trust is a great product that allows you to secure hosted applications with auth - for example, I have Wordpress Admin on my site secured with Google Auth using this service.




Michael Murphy | https://murfy.nz | https://keybase.io/michaelmurfy - Referral Links: Sharesies | Electric Kiwi
Are you happy with what you get from Geekzone? Please consider supporting us by making a donation.

Create new topic





News and reviews »

Huawei Introduces Watch Fit 2
Posted 14-Jul-2022 17:06

Huawei Launches Watch D in New Zealand
Posted 14-Jul-2022 17:05

Spark announces sale of 70% of TowerCo
Posted 12-Jul-2022 08:46

D-Link G415 4G Smart Router Review
Posted 27-Jun-2022 17:24

New Zealand Video Game Sales Reaches $540 Million
Posted 26-Jun-2022 14:49

GitHub Copilot Generally Available to All Developers
Posted 26-Jun-2022 14:37

Logitech G Introduces the New Astro A10 Headset
Posted 26-Jun-2022 14:20

Fitbit introduces Sleep Profiles
Posted 26-Jun-2022 14:11

Synology Introduces FlashStation FS3410
Posted 26-Jun-2022 14:04

Intel Arc A380 Graphics First Available in China
Posted 15-Jun-2022 17:08

JBL Introduces PartyBox Encore Essential Speaker
Posted 15-Jun-2022 17:05

New TVNZ+ streaming brand launches
Posted 13-Jun-2022 08:35

Chromecast With Google TV Review
Posted 10-Jun-2022 17:10

Xbox Gaming on Your Samsung Smart TV No Console Required
Posted 10-Jun-2022 00:01

Xbox Cloud Gaming Now Available in New Zealand
Posted 10-Jun-2022 00:01








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







GoodSync is the easiest file sync and backup for Windows and Mac



RSS feeds
Main feed
Forums feed
Copyright
©2002-2022 Geekzone®
Site features
Geekzone Badges
Geekzone Slack
Geekzone on Twitter
Affiliate links
Mighty Ape
Sharesies
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright


This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 