carlanoid132 1 Posted August 24 Posted August 24 cant connect over remote unless on the internal via tailscale or something like that. realistically want it linked to my domain and be able to remote connect safely without other clients needing anything but emby. i have port forwarded all relevant ports to the correct internal ips. tried mullvad and proton for vpns but they dont offer a dedicated open port for me to use. using canyouseeme to check if ports are open shows nothing but either refused or time outs on the ping. thanks for reading
Abobader 3204 Posted August 24 Posted August 24 Hello carlanoid132, ** This is an auto reply ** Please wait for someone from staff support or our members to reply to you. It's recommended to provide more info, as it explain in this thread: Thank you. Emby Team
carlanoid132 1 Posted August 24 Author Posted August 24 following up quickly. i have considered using caddy/ nginx reverse proxy but it is genuinely just so overwhelming at this point. just wanna be dome with it tbh lol. i own a domain through cf and thats about it for setup.
Q-Droid 803 Posted August 24 Posted August 24 This might get you pointed in the right direction, the CF tunnel part, not Emby Connect.
carlanoid132 1 Posted August 24 Author Posted August 24 thanks. i've read that it isnt the best to use cf as a tunnel as opposed to a nginx reverse proxy but i still gotta figure out how to pass this cgnat properly im guessing. actually being able to connect remotely without tailscale and stuff.
Q-Droid 803 Posted August 24 Posted August 24 (edited) CF tunnel is the component to use when CGNAT is a problem. It's purpose is similar to Tailscale. A reverse proxy serves in a different role and will not circumvent CGNAT. CloudFlare has a suite of services. Proxy, Tunnel, WAF, CDN, Security, etc. Edited August 24 by Q-Droid
pwhodges 1714 Posted August 24 Posted August 24 A reverse proxy is not a tunnel, so won't solve this anyway. CF tunnel or TailScale are the most recommended solutions. Have you tried simply asking your ISP if they can give you a routable (i.e. not cgNAT) address? Some people have had success with this. I don't know if some ISPs would charge for it, but certainly some users here have reported getting it without a charge. In some cases it's been a DHCP address, so some kind of DDNS has been required to follow any address changes. Paul
carlanoid132 1 Posted August 24 Author Posted August 24 i think its dhcp but they wont let me open any ports at all on my network. the rules are there they just dont apply lol. i have a router downstairs in router mode with a ap in my room connected. the ap is setup with a static route and is fowarded correctly so it isnt a issue there. it literally will refuse any connection outside the network even if i open the port. same for windows firewall ect ect. so moving onto the cf, will they not ban my account for using it to run emby through. i saw reports of cached media leading to account deletions which is why i considered a nginx reverse proxy instead. i am very new to this part of stuff. should i just run the cf tunnel software on my host pc which the emby server is on? thanks again
Q-Droid 803 Posted August 24 Posted August 24 Make sure you don't have double NAT going on. Is the router yours or the ISP device?
mohoelx 11 Posted August 24 Posted August 24 I would wonder why not just use Tailscale? I was using it a couple of years with T-Mo home internet before I switched to fiber when it bcame available in my area.
carlanoid132 1 Posted August 24 Author Posted August 24 15 minutes ago, mohoelx said: I would wonder why not just use Tailscale? I was using it a couple of years with T-Mo home internet before I switched to fiber when it bcame available in my area. more faff and effort for the enduser. the people on this server struggle to download emby, nevermind login to tailwind.
carlanoid132 1 Posted August 24 Author Posted August 24 4 hours ago, Q-Droid said: Make sure you don't have double NAT going on. Is the router yours or the ISP device? i have my isps router in modem mode, connected to my own main router. which then goes upstairs to my second router. second router is set as AP
Q-Droid 803 Posted August 24 Posted August 24 (edited) If you're certain that it's CGNAT at the ISP and not double NAT at home then your options are VPN/tunnel offerings like Tailscale, CF tunnel or other VPNs that offer inbound port forwarding. Edit: or as mentioned before static IP or other options from the ISP that might put you on a public IP. Edited August 24 by Q-Droid
pwhodges 1714 Posted August 24 Posted August 24 6 hours ago, carlanoid132 said: i think its dhcp but they wont let me open any ports at all on my network. At this point DHCP is irrelevant. The question is whether they are simply blocking all incoming ports by policy, or have implemented cgNAT which blocks any incoming connection at the IP level. Either way, you can ask your ISP for a solution. If you're worried they may get upset by Emby, tell a different story - like you need incoming access to your machine for work when travelling. Paul
carlanoid132 1 Posted August 24 Author Posted August 24 thanks for the replies guys. turns out basically the entire network was kinda borked. didnt know i had to set the other routers to have the same ssid, only had put them in ap mode. so now thats all under 1 network. still getting the same issue. gonna login to the isp modem tomorrow and see if theres anything i have missed. opinions on something like purevpn? that supports port fowarding and goes on about how its used to pass cgnat. would this not work?
carlanoid132 1 Posted August 24 Author Posted August 24 2 hours ago, pwhodges said: At this point DHCP is irrelevant. The question is whether they are simply blocking all incoming ports by policy, or have implemented cgNAT which blocks any incoming connection at the IP level. Either way, you can ask your ISP for a solution. If you're worried they may get upset by Emby, tell a different story - like you need incoming access to your machine for work when travelling. Paul im not 100% sure. im hoping its just a case of me being a idiot and setup the isp modem correctly. 80/443 are open but i still cant connect via those ports unless connected through home wifi. not even tailscale lets me connect remotely now
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now