Cannot access server using port forwarding

I am trying to access the server from the public IP. For that, I have enabled port forwarding on the TP-Link router for port 8069.

My public IP is 123.201.xx.xx

When I try to access my public address with port number, it gives me no response.

I have checked the forum to resolve the issue and learned that my public IP and WAN IP are different. I tried to access the server with the WAN address, and it allows me to access the server locally, not publicly.

My WAN address is 100.66.xx.xxx.

What additional configuration do I need to do to access the server publicly? Why are my WAN address and public IP different?


The WAN address you have is in the range reserved for CGN (Carrier-Grade NAT, RFC 6598, IANA-Reserved IPv4 Prefix for Shared Address Space). This range is 100.64.0.0/10, and it means your ISP is assigning you what is essentially a private address, and it is doing NAT also. Most ISPs don't even use this range assigned by IANA for this; they just use regular RFC 1918 address space. Your port forwarding doesn't work because you are not forwarding on the ISP's NAT, and the ISP will not port forward for you since that would prevent all its other customers on that NAT from being able to use that port.

The RIRs have run out of IPv4 addresses to assign to the ISPs, so the ISPs are turning to CGN to assign non-public IPv4 addresses to residential customers, saving their precious pool of public IP addresses for business customers willing to pay a premium for public IPv4 addresses.

Most residential ISPs have clauses in their customer agreements which prohibit you from running a server from the residential network to the Internet, so they don't really care if CGN prevents this for residential customers.

From the RFC:

1. Introduction

IPv4 address space is nearly exhausted. However, ISPs must continue to support IPv4 growth until IPv6 is fully deployed. To that end, many ISPs will deploy a Carrier-Grade NAT (CGN) device, such as that described in [RFC6264]. Because CGNs are used on networks where public address space is expected, and currently available private address space causes operational issues when used in this context, ISPs require a new IPv4 /10 address block. This address block will be called the "Shared Address Space" and will be used to number the interfaces that connect CGN devices to Customer Premises Equipment (CPE).

Shared Address Space is similar to [RFC1918] private address space in that it is not globally routable address space and can be used by multiple pieces of equipment. However, Shared Address Space has limitations in its use that the current [RFC1918] private address space does not have. In particular, Shared Address Space can only be used in Service Provider networks or on routing equipment that is able to do address translation across router interfaces when the addresses are identical on two different interfaces.

This document requests the allocation of an IPv4 /10 address block to be used as Shared Address Space. In conversations with many ISPs, a /10 is the smallest block that will allow them to deploy CGNs on a regional basis without requiring nested CGNs. For instance, as described in [ISP-SHARED-ADDR], a /10 is sufficient to service Points of Presence in the Tokyo area.

This document details the allocation of an additional special-use IPv4 address block and updates [RFC5735].

The RFC also lists some of the problems caused by CGN:

5.2. Empirical Data

The primary motivation for the allocation of Shared Address Space is as address space for CGNs; the use and impact of CGNs has been previously described in [RFC6269] and [NAT444-IMPACTS]. Some of the services adversely impacted by CGNs are as follows:

  1. Console gaming -- some games fail when two subscribers using the same outside public IPv4 address try to connect to each other.

  2. Video streaming -- performance is impacted when using one of several popular video-streaming technologies to deliver multiple video streams to users behind particular CPE routers.

  3. Peer-to-peer -- some peer-to-peer applications cannot seed content due to the inability to open incoming ports through the CGN. Likewise, some SIP client implementations cannot receive incoming calls unless they first initiate outgoing traffic or open an incoming port through the CGN using the Port Control Protocol (PCP) [PCP-BASE] or a similar mechanism.

  4. Geo-location -- geo-location systems identify the location of the CGN server, not the end host.

  5. Simultaneous logins -- some websites (particularly banking and social-networking websites) restrict the number of simultaneous logins per outside public IPv4 address.

  6. 6to4 -- 6to4 requires globally reachable addresses and will not work in networks that employ addresses with limited topological span, such as those employing CGNs.
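
The check described in the answer above can be scripted. This is an added example, not part of the original answer: it compares the router's WAN address against the RFC 6598 and RFC 1918 blocks and against the address the Internet sees. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# Address blocks named in the answer above.
CGN_SHARED = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 Shared Address Space
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(addr: str) -> str:
    """Return 'cgn-shared', 'rfc1918' or 'other' for a router WAN address."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        return "other"
    if ip in CGN_SHARED:
        return "cgn-shared"
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    return "other"


def port_forward_verdict(wan_addr: str, observed_public: str) -> str:
    """Say whether a port forward on the home router alone can be reached
    from the Internet, given the WAN address shown on the router status page
    and the public address an outside service reports for the connection."""
    kind = classify_wan(wan_addr)
    if kind == "cgn-shared":
        return "blocked: WAN is in 100.64.0.0/10, the ISP translates upstream (CGN)"
    if kind == "rfc1918":
        return "blocked: WAN is RFC 1918 space, another NAT sits upstream"
    if ipaddress.ip_address(wan_addr) != ipaddress.ip_address(observed_public):
        return "blocked: WAN differs from the observed public address"
    return "ok: no upstream NAT detected, the router forward is the only translation"


if __name__ == "__main__":
    # Constructed sample pairs: (router WAN address, address seen from outside).
    samples = [
        ("100.66.10.20", "203.0.113.45"),   # same situation as in the question
        ("192.168.1.2", "203.0.113.45"),    # router behind another home router
        ("203.0.113.45", "203.0.113.45"),   # router holds the public address
    ]
    for wan, public in samples:
        print(f"{wan:>15} / {public:<15} -> {port_forward_verdict(wan, public)}")
```

An "ok" verdict only rules out an upstream NAT; a firewall on the router or the server can still drop the connection.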