ISP blocking ports

okno · January 23, 2021, 11:50pm

FreedomBox newbie here. Followed the Installation Instructions about setting up gnudip DNS and LetsEncrypt certs but LE kept failing to verify ./well-known/acme-challenge. So did a port scan and discovered that my ISP is blocking all ports. I have 20Mbps download / 10 Mpbs upload residential service. ISP offers commercial service so I assume the ports get unblocked for commercial customers but get blocked for residential typical customers. So can’t run any services over the clearnet. Bummer. So, guess I’ll have to buy a PageKite plan and tunnel services. Not sure of the bandwidth of the tunnel versus my current ISP connection to the net. Might be nice to update the Wiki to let others know that they might need to check if their ISP is blocking service ports.

Stll learning my way around the FB. I did update i2p to current version 0.9.48 and installed i2pbote plugin. All’s working well now that I’ve set up tunneling between my laptop and the FB i2prouter. Might be good to update I2P instructions on Wiki. Don’t think all the i2prouter apps will work correctly unless tunneling is set up between Browser and FB so that localhost/app gets mapped to the FB and not the Browser.

mtinman · January 25, 2021, 10:11pm

@okno,

Have you set up pagekite in the System settings page yet? That is how I originally bypassed Carrier Grade NAT (CGNAT) with my freedombox. Typically, ISP’s use CGNAT to block incoming requests on ports 25, 53, 80, 443, etc. so that you cannot serve from home. Pagekite is a type of proxy that bypasses this. I also had to use pagekite to obtain my SSL certificates with Let’s Encrypt. Hope that this helps!

okno · January 28, 2021, 12:06am

Haven’t set up a PageKite account yet but plan to do so by and by. Think I’ll buy a name from NameCheap and setup a CNAME pointer to PageKite

mtinman · February 13, 2021, 12:06am

Pagekite is free to register/set up (they also have reasonably priced paid plans), and you won’t have to provide a CNAME pointer, unless you would like to have your pagekite (yourpagekite.pagekite.me) to point to something like pagekite.yourdomain.tld.

I personally use Namecheap as my domain registrar, and I have been very happy with them overall. I just use a single A+ Dynamic DNS record currently, but I have set up CNAME and 301 Redirects with them in the past, and everything has worked well.

In the past, I have used GoDaddy as a DR, but they were shifty on pricing (their prices jumped considerably once the promotional period was over), and their tech support was not as good in my opinion.

okno · February 14, 2021, 4:02pm

I use NameCheap, too. Beware, though, their WhoIsGuard privacy protection is NOT available for many .tld incuding all 2-letter country codes like “.us”, so your contact info including address, email and phone number will be public. “.com” domains are safe to buy and have WhoIsGuard privacy protection as standard.

mtinman · February 14, 2021, 8:08pm

Yeah, I have a .net domain, so WhoIsGuard was included, I did a whois lookup for my domain to check it, and it seems to be working properly for me. Thanks for the “Heads Up” on that, good info to know.