Self-hosting without access to router

0

1

So I'm with an ISP that won't give me access to my router. When I moved into this apartment, I called them to ask what the router's password was to change my Wi-Fi's SSID & password. They told me I wasn't allowed to go in the router, that it was a breach of my contract and that if I wanted anything changed I had to call them to get someone to come in (appointment 1 month later) to do the changes and charge me around 50$... Finding that ridiculous, I connected my own router as an access point via ethernet and can therefore control my own SSID & password at will, but I cannot do more advanced functions such as port forwarding.

Now I'm working on a few freelance projects (I'm a web-developer); some of which are quite heavy (either storage hungry or processor hungry) and I want to run a small pre-production server from home (my VPS is already pushed to its limits and I don't want to pay for a second one or upgrade). In my old apartment, I used to run such a server off a Linux machine with a dynamic DNS setup and a port-forward on my router.

Since I don't have access to the router's settings, I can't set up a port-forward... Is there any way to run a server from home without access to these settings? (I want to deploy the server within a week to give access to clients and therefore can't wait for my "awesome" ISP to send someone over)

I have a Windows 7 machine running 24/7 for other stuff that I'd like to use.

Any suggestions would be greatly appreciated!

Frenchmassacre

Posted 2018-04-19T18:47:18.120

Reputation: 148

Short answer: change your ISP. You can't allow other users to access your server with blocked ports. – CaldeiraG – 2018-04-19T18:54:07.860

Been trying to switch but unfortunately can't find another ISP that offers TV over ethernet here and that's the wiring this apartment has... I thought there might be a workaround somehow :( – Frenchmassacre – 2018-04-19T18:59:20.603

@Frenchmassacre I know nothing about tv over ethernet, but maybe you can look into how to do that without using that ISP? Like how does it work and what's the technical reason why that ISP can offer it but others can't? – barlop – 2018-04-19T19:28:06.120

What you could do is reverse tunneling. So a computer behind NAT with no port forwarding can make an outgoing connection to a computer elsewhere that doesn't have such a restriction, e.g. your friend's computer. Your friend's computer can open a port when that happens. Then, suppose a computer wants to access your server, they can connect to your friend's computer and then through that connection already made, it can encapsulate a connection within that, to your server. So if you know some SSH you might know ssh -L, well to do a reverse tunnel you do ssh -R – barlop – 2018-04-19T19:32:09.483

something like $YFC=$yourfriendscomp $YC=$yourcomp $CWC=$compthatwantstoconnecttoyou. So set up an SSH server on $YFC. Say the ssh server is then running on port 222 of $YFC. Then $YC SSH -R 1234:127.0.0.1:345 $YFC That will open port 1234 on $YFC. Then $CWC 's client program connects to $YFC on port 1234. then that client program will then automatically connect to $YC port 345. – barlop – 2018-04-19T19:36:37.883

@barlop For the TV over IP -> They are using an old tech that was popular here for a while that all other ISP's have abandoned and are actively phasing out by refusing to install any new ones. They all tell me "you have to change your wiring before we can install" been considering moving flats only over this. – Frenchmassacre – 2018-04-20T21:01:20.163

Not sure if this is useful or not, but you may want to look at https://localtunnel.github.io/www/. – Anaksunaman – 2018-04-20T21:08:13.163

Reverse tunneling -> Actually was something similar to what I was thinking recently. I'm wondering if this could be done using a free hosting platform such as freehostia as a middleman. (tried it as a free hosting, can't even get Laravel running on it but it would be more than enough resources to act as a middleman) User connects to free hosting which redirects to self-hosted solution. Only issue is figuring out how to make that work :D – Frenchmassacre – 2018-04-20T21:11:20.073

@Anaksunaman That might actually do it! I'm going over the GitHub repo now; I think I've used such a system in the past but it was time-limited (each tunnel would stop by itself after ~2h). If this doesn't have a time limit, I could create tunnels to allow access to my sites hosted locally! I'll give it a try tomorrow! – Frenchmassacre – 2018-04-20T21:18:16.907

@Anaksunaman buddy! Amazing! Finally had some time to set this up, works like a charm! no expiration or anything.. awesome! Only issue I'm having is setting SSL but I'll figure it out eventually :) Could you write this as an answer so I can accept it? – Frenchmassacre – 2018-05-05T14:11:18.190

@Frenchmassacre I have submitted a (short) answer. =) – Anaksunaman – 2018-05-06T05:38:27.453
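The reverse tunnel described in the comments above, reduced to plain TCP on loopback. This is an added example, not code from any commenter and not how `ssh -R` is implemented; the names `relay_once`, `agent_once` and `demo` and the echo service are illustrative assumptions. The home machine only ever dials out, yet a visitor who connects to the middleman reaches the home service.

```python
import socket
import threading

def pipe(src, dst):
    """Copy src -> dst until EOF, then half-close dst so EOF propagates."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def splice(a, b):
    """Relay both directions between two connected sockets, then close."""
    t = threading.Thread(target=pipe, args=(a, b), daemon=True)
    t.start()
    pipe(b, a)
    t.join()
    a.close()
    b.close()

def relay_once(control_srv, public_srv):
    """Middleman: pair the home machine's tunnel with one visitor."""
    tunnel, _ = control_srv.accept()  # dialled OUT by the home machine
    visitor, _ = public_srv.accept()  # anyone who can reach this port
    splice(visitor, tunnel)

def agent_once(relay_addr, local_addr):
    """Home machine: outbound connections only, so no port forward needed."""
    tunnel = socket.create_connection(relay_addr)
    local = socket.create_connection(local_addr)
    splice(tunnel, local)

def demo():
    """Constructed loopback run: visitor -> relay -> agent -> echo service."""
    service, control, public = (
        socket.create_server(("127.0.0.1", 0)) for _ in range(3))
    def echo():
        conn, _ = service.accept()
        pipe(conn, conn)
        conn.close()
    jobs = [(echo, ()), (relay_once, (control, public)),
            (agent_once, (control.getsockname(), service.getsockname()))]
    for fn, args in jobs:
        threading.Thread(target=fn, args=args, daemon=True).start()
    with socket.create_connection(public.getsockname()) as visitor:
        visitor.sendall(b"GET / via tunnel")
        visitor.shutdown(socket.SHUT_WR)
        return b"".join(iter(lambda: visitor.recv(4096), b""))
```

The relay adds no authentication of its own: whatever listens on the home side is exposed to every host that can reach the public port, so access control has to live in the service itself or in front of the relay.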

Answers

2

Localtunnel

You may wish to try Localtunnel. In short, Localtunnel is a project which aims to allow you to "easily share a web service on your local development machine without messing with DNS and firewall settings."

Once installed, Localtunnel returns a publicly accessible URL when run (ex. https://gqgh.localtunnel.me), which can then be used to proxy external requests to your local machine. Importantly, since it is a tunnel, it can often bypass issues similar to the ones you are describing.

Localtunnel currently requires Node.js to work but should be otherwise relatively simple to install and use. If you are interested, they have a GitHub page here which also includes links to two clients in Go and a link to the server implementation that powers the project.

Ngrok

If Localtunnel is unsuitable for some reason, Ngrok is a similar service with paid tiers. However, it has a free plan, which may possibly meet your needs.

Anaksunaman

Posted 2018-04-19T18:47:18.120

Reputation: 9 278

I'll accept this as an answer because it took me in the right direction. Localtunnel is great but isn't very stable. The connection kept dropping out after around 15min... So I switched to Ngrok (a lot of people having trouble with localtunnel suggested it as an alternative); it has a free plan which is enough for my needs and it is far more reliable :) Cheers Anaksunaman! – Frenchmassacre – 2018-05-07T08:14:36.940

Well, thank you. I appreciate it all the same. =) Sorry this wasn't a silver bullet but I do hope Ngrok suits you better. Cheers! =) – Anaksunaman – 2018-05-07T08:28:42.457

1

If their router communicates with the next node on its WAN side via an 8P8C (RJ45) socket without any password then it's probably identified by its MAC address (compare PPPoA or PPPoE, they typically require username and password; let's hope your connection doesn't). In this case technically you may be able to mimic their router with your own one, if only you know the MAC address of the WAN interface and if you can physically connect your router instead of theirs.

They may not care about the MAC address; in this case you can just swap routers. On the other hand, even if they seem not to care, you want to mimic their router so they hopefully won't notice your action. So let's assume they do care.

Their router may have the relevant MAC address written on its bottom sticker; or may not; or they may have changed it. As the last resort you can connect a computer to its WAN port and sniff packets when it tries to communicate; this way you can reveal its MAC address.

After you set your router up to mimic the old one (the option is usually called "MAC cloning"), you will be in control. There are a few pitfalls, though:

  • It may be a violation of the contract.
  • They may notice they can no longer log into the router; or they may notice the router stopped sending logs to them or something; in short: they may or may not notice your action, they may or may not react.
  • They may be using carrier-grade NAT so the router gets its WAN IP address from a private pool; therefore even after you swap routers, you need port forwarding to be configured not only on your router but on yet another gateway it connects to; this will defeat your purpose completely.

You can try this approach but there's no guarantee it will work. It may get you into trouble. Trying for like five minutes will probably go unnoticed, so you can at least check if it works. Then think twice if it's worth it as a permanent solution. Whatever you do, it's at your own risk.

Kamil Maciorowski

Posted 2018-04-19T18:47:18.120

Reputation: 38 429

As pointed out, if they are using carrier-grade NAT, then even your own router would result in a condition where a port forward wouldn't be possible. You can't forward a port within their network, only your own, but only if you are assigned a public IP address. – Ramhound – 2018-04-19T21:43:54.937

@Kamil Well, I thought I'd give it a try but from what I can tell, it's a PPPoE connection... Interesting solution though! :) – Frenchmassacre – 2018-04-20T21:10:22.750
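A way to test for the carrier-grade NAT pitfall raised in the answer and comments above, as an added example that is not part of the original answer. It assumes you can read the address on the router's WAN interface and the address an external "what is my IP" service reports; `wan_verdict` and the verdict strings are illustrative names, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges. Listed explicitly because ipaddress.is_private
# also covers documentation and other special-purpose ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def wan_verdict(router_wan_ip, observed_public_ip):
    """Say whether a port forward on your own router can be reached.

    router_wan_ip: address shown on the router's WAN interface.
    observed_public_ip: address an external service sees you coming from.
    """
    wan = ipaddress.ip_address(router_wan_ip)
    seen = ipaddress.ip_address(observed_public_ip)
    if wan in CGNAT:
        return "cgnat"                # ISP gateway translates; forward is moot
    if any(wan in net for net in RFC1918):
        return "double-nat"           # another private gateway sits upstream
    if wan != seen:
        return "translated-upstream"  # routable WAN, but still rewritten
    return "public"                   # forward on this router is reachable

# Constructed samples (documentation addresses stand in for public ones).
SAMPLES = [
    ("203.0.113.7", "203.0.113.7"),
    ("100.72.1.5", "203.0.113.7"),
    ("192.168.1.2", "203.0.113.7"),
    ("198.51.100.4", "203.0.113.7"),
]

def classify_samples():
    return [wan_verdict(wan, seen) for wan, seen in SAMPLES]
```

Only the "public" verdict means a port forward configured on your own router is enough; in every other case an outbound tunnel is the remaining option.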