this post was submitted on 04 Sep 2023
58 points (93.9% liked)
Selfhosted
60409 readers
543 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil.
-
No spam.
-
Posts are to be related to self-hosting.
-
Don't duplicate the full text of your blog or readme if you're providing a link.
-
Submission headline should match the article title.
-
No trolling.
-
Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
If it’s double NAT where you have control over both boxes, it’s not that big a deal. First of all, it only matters at all if you’re trying to forward ports for remote access to your services, in which case you just need to add two port forwarding rules for each service, instead of one, one in each firewall. Alternatively if the ISP router allows it, see if it has a 1:1 NAT feature, this way it forwards ALL the ports to your private router, where you can then be selective about which ports to allow.
Alternatively, if you’re not trying to host services on your LAN for public access and consumption (Which would be a bad idea at this point in time anyway given your level of knowledge) don’t worry about the NAT or port forwarding at all and just use a mesh VPN like Tailscale (Optionally with the self hosted control application Headscale) and use that to access your services which outside home securely.
Some routers will call the 1:1 NAT feature, "DMZ" (Short for Demilitarised Zone). The idea is that you just act as a pass-through, in this case, "passing through" the external internal to the internal router.