Hello,
I have a Nextcloud server installed at home that works well on my LAN network, but when I try to make the server accessible via a DynDNS service, I cannot connect to it. The request doesn’t even reach my server. My question is whether the router immediately blocks the request, because when I set the router to be accessible (it has separately that option), I can connect without any issues over dyndns url. Could my ISP (O2) be blocking it? I can confirm that it’s not a firewall issue, and it’s also not because I’m connected to the same WiFi as the server. It’s not a port forwarding issue either, as I’ve gone through all possible options. My router is a Fritzbox 6660, and there are no logs indicating that a request has even come through.
My second question is whether this is even allowed in Germany? Also, I’ve noticed that my ISP rarely changes my IP address; in fact, I haven’t seen it change at all in the past few months, which is strange because in my home country, it changed every 24 hours.
Edit: First, thank you all for your help. I will try your suggestions over the course of this week or month (due to time-related issues :) and will report back with the results. Since I am clearly a noob when it comes to self-hosting and I plan to have only a Nextcloud server for personal use, what is the best way to secure the system in these situations and allow only certain devices to access it over the external network? (if I ever manage to access it at all)
You must log in or # to comment.
Some German cable providers do internal NATting please check that yours does not.
*CG-NAT
even allowed in Germany?
Yes.
works well on my LAN network, but when I try to make the server accessible via a DynDNS service
I guess your Fritzbox does NAT for your LAN. Then the dyndns address works only when the client is outside.
Having been in this same position I think I can help, you are almost definitely being cgnat which means that you do not have your own ipv4. The two workarounds I used for this are to use only ipv6 which is public but means you can’t always access it from older networks. And the second solution is to wireguard tunnel to a free oracle VM and use it as a proxy.
Most likely you are under CGNAT, so your best bet is Tailscale, Wireguard, CloudFlare Tunnel or Zero Tier. Pick your poison.
Wireguard will only work if the cellular or ISP at, say the workplace, have an IPv6 adress or IPv4-to-6 translation
Usually German ISPs are giving you IPv6.
This so much of a lie.
Only the usual suspects (new fiber ISPs, Vodafone/KabelBW and O₂) do and usually on the coax and fiber contracts.And that’s the biggest ISPs, plus he can still use Tailscale or Zerotier and still be able to access his network. Plus IPv6 IPs should be easy to assign and won’t be paid or limited.
Do you have o2 DSL, o2 fiber, or o2 cable/coax Internet? O2 cable does not have a public IPV4 address by default, you need to request one from customer service.
You checked if you have a DS-Lite contract? Those are very popular. Especially with O2, Vodafone and the fiber ISPs.
The problem: You get only an IPv4 CG-NAT IP and a regular IPv6 IP. If your ISP (for example at work) did not configure an IPv6, you will not be able to connect (A and AAAA DNS records).
I assume you set up the port forwarding in your Fritzbox (under Internet > Freigaben > Portfreigaben)?
If it has the proper external port connected to your internal port it should connect.The problem was with DS-Lite tunneling, as some users mentioned, and it only works over IPv6. However, now I have another issue. My entire family has access through their ISPs, but my cellular data ISP does not support IPv6. Is there any workaround that doesn’t require me to look for a new ISP or asking for IPv4 address? 😀 By the way, thanks to everyone for the help!
i would just ask for an Ipv4 address. I asked Vodafone for one and they just gave it to me for free.
O2 charges 50 € for that last I heard
That’s insane. I would consider a ipv4 -> ipv6 cloud hosted haproxy style setup if this was my only option.
