(Sorry if this is too off-topic:) ISPs seem designed to funnel people to capitalist cloud services, or at least I feel like that. And it endlessly frustrates me.
The reason is even though IPv6 addresses are widely available (unlike IPv4), most ISPs won’t allow consumers to request a static rather than a dynamic IPv6 prefix along with a couple of IPv6 reverse DNS entries.
Instead, this functionality is gatekept behind expensive premium or even business contracts, in many cases even requiring legal paperwork proving you have a registered business, so that the common user is completely unable to self-host e.g. a fully functional IPv6-only mail server with reverse DNS, even if they wanted to.
The common workaround is to suck up to the cloud, and rent a VPS, or some other foreign controlled machine that can be easily intercepted and messed with, and where the service can be surveilled better by big money.
I’m posting this since I hope more people will realize that this is going on and complain both to their ISPs and, most notably, to regulatory bodies, and generally spread the word. If we want true digital autonomy to be more common, I feel like this needs to be fixed for consumer landline contracts.
Or did I miss something that makes this make sense outside of a big money capitalist angle?
I think there are still enough v4-only systems out there that you don’t really want to host a mail server on v6. You are right though that it would be nice to be able to get static v6 (or for that matter v4) addresses from home ISPs. Some do offer that of course.
Another issue can be that the average home internet user has no idea how to keep even a client system secure. So ISPs might use NAT and default firewall configurations partly to stop incoming connections on the theory that they are likely to be malicious. On home routers you can usually open ports if you know what you’re doing. I don’t know if that’s even possible on mobile phones.
IP blocklisting is still very much a thing as well, so you can expect any mail originating from a residential IP to be rejected due to their /24 or larger having previously sent spam, and that assumes you can send server-to-server mail (destination port 25/tcp) in the first place, since many ISPs and server providers block traffic destined to that port by default to prevent users from getting their IP blocklisted. My home ISP blocks outbound SNMP traffic (or at least did 10 years ago), presumably to also prevent abuse. That said, things like blocking inbound port 80/tcp and 443/tcp are purely a measure to prevent people running servers at home, which I’m not a fan of.
Yes, that too. I hadn’t even thought about trying to send email from a home ISP. Everyone knows you basically can’t. I thought the idea was to receive email rather than send it, so you wouldn’t be relying on some bigtech company to store it for you.
Use hostnames and dynamic prefixes or addresses don’t really matter. Haven’t had an issue in years and my last ISP changed prefixes multiple times a week. I mean technically it would not be available for five minutes when the IP changes, but I never noticed.
It’s just one more bullshit thing to set up, but yeah I might be doing it soon.
They don’t care about “capitalist cloud services”, they just care about money. If they can charge you a premium for more advanced features (they can) then they will.
We seriously need an international co-operative (Worker-owned) ISP.
If you have control over at least the root of your network you can totally get away with hosting on a dynamic public IP. You just need to set up dynamic DNS. There are other ways of handling this specific issue too. You can always go to a colocation and set up a server there if you want. You could also create your own reverse proxy tunnel in a place that is public then forward it. There are lots of workarounds really. Yeah, it sucks that American ISPs generally don’t support IPv6 but there are totally ways to work around it all.
What really gets me up in arms is when they advertise gigabit connections or 500 Mb speeds only to limit upload to 20 Mb/s. That is where they are actively inhibiting self hosting communities.
Capitalist institutions push capitalism? What kind of world is this!
I wonder how often the assigned prefix changes with most of the regular ISPs. I’d have to look at someone else’s router since I’m still stuck on an old contract. But I believe what I saw with some of the regular consumer contracts: the prefixes stay the same for a long time. You could just slap a free DynDNS service on top and be done with it.
But yes, I think this used to be the promise… We’d all get IPv6 and a lot of gadgets like NAS systems, video cameras and a wifi kettle and they’d be accessible from outside. Instead of that we use big capitalist cloud services and all the data from the internet of things devices has some stopover in the China cloud.
My ISP seems to use just normal DHCP for assigning addresses and honors re-use requests. The only times my IP addresses have changed have been when I’ve changed the MAC or UUID that connects. I’ve been off-line for a week, come back, and been given the same address. Both IPv4 and v6.
If one really wants their home systems to be publicly accessible, it’s easy enough to get a cheap vanity domain and point it at whatever address. rDNS won’t work, which would probably interfere with email, but most services don’t really need it. It’s a bit more complicated to detect when your IP changes and script a DNS update, but certainly doable, if (like OP) one is hell bent on avoiding any off-site hardware.
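The "detect when your IP changes and script a DNS update" part from the post above, as an added example (not the poster's own script): a POSIX sh updater that picks the stable global IPv6 address from `ip -6 addr` output, skipping privacy (temporary) and deprecated addresses left over from an old prefix, and replaces the AAAA record with an RFC 2136 `nsupdate` request only when the address actually changed. The zone name, TSIG key path, interface and state file are assumed placeholders.

```shell
#!/bin/sh
# Added example: keep an AAAA record pointing at a home host whose
# ISP-assigned IPv6 prefix may change. Assumes a zone that accepts RFC 2136
# dynamic updates with a TSIG key (KEYFILE), iproute2 and BIND's nsupdate.
set -eu

NAME="${NAME:-home.example.net.}"          # assumed FQDN of the home host
KEYFILE="${KEYFILE:-/etc/ddns/tsig.key}"   # assumed TSIG key file
IFACE="${IFACE:-eth0}"
STATE="${STATE:-/var/lib/ddns/last_aaaa}"  # last address we published
TTL=300

# Read 'ip -6 addr show' output on stdin and print the first global address
# that is neither a temporary (privacy) address nor deprecated, so the record
# never points at an address that is about to disappear.
pick_global_addr() {
    awk '$1 == "inet6" && $3 == "scope" && $4 == "global" &&
         !/temporary/ && !/deprecated/ { sub(/\/.*/, "", $2); print $2; exit }'
}

# Build the nsupdate batch: replace the whole AAAA RRset rather than adding,
# so stale addresses from the previous prefix are removed in the same update.
make_nsupdate_batch() {
    printf 'update delete %s AAAA\nupdate add %s %s AAAA %s\nsend\n' \
        "$1" "$1" "$2" "$3"
}

# Exit 0 (changed) if $1 differs from the address recorded in state file $2.
addr_changed() {
    [ ! -f "$2" ] || [ "$(cat "$2")" != "$1" ]
}

main() {
    addr=$(ip -6 addr show dev "$IFACE" | pick_global_addr)
    [ -n "$addr" ] || { echo "no usable global IPv6 address on $IFACE" >&2; exit 1; }
    if addr_changed "$addr" "$STATE"; then
        make_nsupdate_batch "$NAME" "$TTL" "$addr" | nsupdate -k "$KEYFILE"
        mkdir -p "$(dirname "$STATE")" && printf '%s\n' "$addr" > "$STATE"
    fi
}

# Run from cron every few minutes: ddns.sh run
case "${1:-}" in run) main ;; esac
```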
That is basically what they do yes. ISPs are the only thing standing in between the entirety of humanity and out of the box selfhosting. With fixed IPv6 IP addresses you could build and sell devices that just self host all your stuff out of the box. You could just sell complete normie people a “cloud box” that they can slap in their home for a one time cost that will take care of all their cloud storage and smart device needs. You could integrate it into any smartphone OS ootb so that all you have to do is scan a QR code on the “cloud box” and it connects all your apps that need it to it.
If you’re looking for sympathy, you got it. Fuck the state.
If you’re looking for solutions, use a cheap $5/mo VPS that exists purely as your gateway host. Run everything you want on your home machines, then tunnel the traffic to your gateway and reverse-proxy it there. Your data stays in your hands, you can spin up and expose new services publicly in a matter of minutes, AND your home IP isn’t vulnerable to doxxing or DoS.
@dgdft @ellie @selfhosted this is the way
I basically do exactly this, but I am running the reverse proxy on my home computer: the VPS is literally just acting as a proxy, for which I use WireGuard to tunnel the connection. So far it’s worked great, though initial setup was a pain.
So you essentially have a DMZ between your VPS and home network that is divided by your reverse proxy?
This is a great suggestion!
Lest anyone miss the buried lede, this approach means that traffic is pre-encrypted as it passes through the gateway VPS - so even if your VPS gets hacked, it’s way harder to steal credentials and break into the services running on your home network.
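The gateway setup described in the posts above (cheap VPS as a dumb forwarder, WireGuard tunnel, TLS terminated at home so the VPS only carries ciphertext), as an added example that is not code from the thread or the linked wiki. It renders the VPS side only; keys, tunnel addresses, ports and interface names are assumed placeholders.

```shell
#!/bin/sh
# Added example: render the VPS side of a WireGuard gateway that forwards
# TCP 80/443 through the tunnel to a home reverse proxy. TLS is terminated
# at home, not on the VPS, so a compromised VPS never sees plaintext or
# certificate keys. All keys, addresses and interface names are placeholders.
set -eu
WG_IF=wg0; WAN_IF="${WAN_IF:-eth0}"
VPS_TUN_IP=10.66.0.1; HOME_TUN_IP=10.66.0.2

# WireGuard config for the VPS. The home peer is pinned to one tunnel address
# and initiates the connection, so the VPS needs no Endpoint for it.
render_wg_conf() {
    cat <<EOF
[Interface]
Address = ${VPS_TUN_IP}/24
ListenPort = 51820
PrivateKey = $1

[Peer]
PublicKey = $2
AllowedIPs = ${HOME_TUN_IP}/32
PersistentKeepalive = 25
EOF
}

# nftables: DNAT only 80/443 to the home peer, drop all other forwarding, and
# masquerade on the tunnel so replies return via the VPS without policy routing
# at home (the home proxy then sees the VPS tunnel address as the client; use
# PROXY protocol if real client IPs matter).
render_nft_rules() {
    cat <<EOF
table inet gateway {
    chain prerouting {
        type nat hook prerouting priority dstnat;
        iifname "${WAN_IF}" tcp dport { 80, 443 } dnat ip to ${HOME_TUN_IP}
    }
    chain postrouting {
        type nat hook postrouting priority srcnat;
        oifname "${WG_IF}" masquerade
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        iifname "${WAN_IF}" oifname "${WG_IF}" tcp dport { 80, 443 } accept
    }
}
EOF
}
case "${1:-}" in apply)  # deploy as root; HOME_PUBKEY is the home peer's public key
    render_wg_conf "$(cat /etc/wireguard/vps.key)" "$HOME_PUBKEY" > /etc/wireguard/${WG_IF}.conf
    render_nft_rules | nft -f - && sysctl -w net.ipv4.ip_forward=1 && wg-quick up "$WG_IF" ;;
esac
```

The home side runs its own WireGuard peer pointing at the VPS public address plus the reverse proxy listening on 80/443 of its tunnel interface; nothing on the VPS needs to know any TLS key.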
use a cheap $5/mo VPS that exists purely as your gateway host
Now, why so expensive?
https://racknerdtracker.com/?sort=price
Disclaimer: I never used Racknerd (nor any other VPS).
Thank you sir!
“JUST $10.28/YEAR - WOW!!” Laughed out loud at that, and I’ll have to give this a look. Currently I just use nginx and duckdns to expose my home IP for my self hosted stuff.
I’ve used them for years with literally zero issues. Performance a for a cheap VPS. And since all the real work happens on my machines, if they enshittify, I can easily move elsewhere.
Is there a more detailed guide to this practice and the pros/cons?
This is @Shimitar@downonthestreet.eu‘s work, not mine - but it’s pretty similar to how I’d set things up:
https://wiki.gardiol.org/doku.php?id=networking%3Assh_tunnel
Really appreciated the reference!
Good to know my wiki is of any use to somebody.
:)
Thanks king, this actually makes sense!
Yeah it’s fucked up.
I’ve noticed that on my cell phone’s cell connection, I can’t access my home server, but I can access my cloud site. I’m guessing either Xfinity blocks connections from cell IPs thinking they’re spam, or my cell carrier blocks connections to home IPs thinking they’re scams.
With a little more debugging I’ll either change cell carriers or ISPs soon I hope. If I have to register a business maybe I’ll make an LLC and run a lemonade stand or something lol.
My dynamic IPv6 prefix hasn’t changed in a couple of years. It only changed because I reset the router config and that changed my DUID. That’s good enough for everything I host. I don’t even bother with dynamic DNS anymore.
I wouldn’t bother with trying to host an email server from a residential connection though. Even if you can get your ISP to open port 25 for you, many email servers won’t accept mail from residential IP addresses.
Most users have no use for a static address space. Those are usually business or power-user needs.
Thus you are classified as that. A power-user.
The reason they have no use for a static address is because applications haven’t evolved to work that way. Roll back the clock 30 years, do IPv6 seriously so that everyone has static assignments by the time the Y2k problem has come and gone, and you have a very different Internet.
In fact, many applications, like VoIP and game hosting, have to go through all sorts of hoops to work around NAT.
There’s pretty much no use for a normal person, just for business and power users like the person above you.
For your couple of examples, nobody at home actually runs VoIP except a couple of nerds, just like nobody has home phones except a couple of old people. And quick game servers don’t need statics, and if you are hosting something long term that would push you into the power user space.
. . . nobody at home actually runs VOIP . . .
Plenty of people used Skype and Vonage. Both were subverted because they have to assume NAT is there.
. . . quick game servers don’t need static . . .
But they do work better without NAT. That’s somewhat separate from static addresses.
My old roommate and I had tons of problems back in the day when we tried to host an Internet game of C&C: Generals behind the same NAT. I couldn’t connect to him. He couldn’t connect to me. We could connect to each other but nobody outside could. It’s a real problem that’s only been “solved” because a lot of games have moved to publisher-hosted servers. Which has its own issues with longevity.
As far as I’m aware Skype does not support actual VoIP calling anymore, at least according to Microsoft and the couple of forums I just skimmed through. But it’s been probably 10+ years since I’ve actually used it or interacted with anyone who used it haha
And I was talking about static IPs, which are different. And at least in the US (in single family homes) it’s crazy unlikely that your router is behind any NAT. Unless you’re talking about CGNAT, but anything short of a dedicated fiber run or dedicated wavelength (which are not options for residential people) you will be behind a CGNAT anyways. Even if you have a public IP.
And, anecdotally. In the last 5-8 years I don’t think I’ve had any issues with NAT when hosting games, it’s just firewall rules or my public IP changed. But ymmv on that one when playing 22 year old games haha
Skype won’t be supporting anything at all very soon.
What happened with Vonage is something that could happen with any kind of instant messaging, including things like Discord.
With everything directly addressable (not just static addresses, but directly addressable), an IM/VoIP service can simply connect to the recipient. No servers are necessary in between, only routers. That doesn’t work with NAT (CG or otherwise), so what you have to do is create a server that everyone connects into, and then that forwards messages to the endpoint. This is:
- More expensive to operate
- Less reliable
- Slower
- A point for NSA eavesdropping (which almost certainly happened)
This is largely invisible to end users until free services get enshittified or something goes wrong.
Yes, it’s only tangentially related to static addresses, but it’s all part of the package. This is not the Internet we should have had.
And at least in the US (in single family homes) its crazy unlikely that your router is behind any NAT
Your router has NAT. That’s the problem. CGNAT is another problem. My C&C: Generals issues did not have CGNAT.
All routers have NAT, that’s sort of their entire role. Are you maybe talking about “double NATing” where you have your router behind the ISP modem/router?
No they fucking don’t, that’s not what routers do. You don’t know what you’re talking about.
And don’t fucking tell me NAT is for security, either.
That’s not the point of a router. It is one feature that most of not all now have, but it’s not their primary purpose.
Fyi, Skype was officially killed by Microsoft on May 5th, earlier this month.
It would be handy for piracy to always know your friend’s IP addresses. Like friend-to-friend networks like Retroshare
And having a friend-to-friend piracy network absolutely pushes you into “power user” territory lmfao
I think you’re giving their ability to coordinate too much credit. Best guess the ISPs are just withholding anything that requires investment to deploy or that they can monetize themselves. Everybody else is just bottom-feeding by selling workarounds wherever the ISPs can’t or won’t.
The invisible hand of the market sucks at creating optimal solutions, but it does great at creating scammy crap that will take your money, no conspiracy necessary.
Yep, Hanlon’s razor: they are mostly just lazy and maybe incompetent, not necessarily evil, that’s just a side effect. E.g. in my country if you call them and say you want to get out of CGNAT they’ll just do that for you. My IP hasn’t changed in years, but I don’t pay for a fixed IP. But it may be different in each country, I have mostly good experiences with local ISPs here.
It’s a pain but also it’s no surprise that DNS and IPv6 are premium when IPv4 and dynamic IP work so well for 99% of us. Even if you wanna host something publicly there are totally free services and software tools to cover most if not all caveats of not using IPv6 (for now).
I have selfhosted for years and only paid for a domain name recently.