After moving to a new ISP (see my post 250Mbps NBN), I had an issue with not having access to more than one public IPv4 address. In my home lab I run a couple of services that can only run on IPv4 and need to run on port 443 🙁
The only way I found I could get this part of my lab to work in the past was to buy more IPv4 addresses from my ISP, but after my move this is not something I can do anymore.
The solution I found to this issue was a cheap VPS (Virtual Private Server) and a tool named redir, a TCP port redirector. Using this we are able to port forward a public IPv4 443 connection to a random port in our back-end home lab.
I went over to LowEndBox and found a good deal on a year-long VPS. I was able to find one that was only $14 a year with its own public IPv4 address. I chose to have Ubuntu installed as I’ve used it the most.
Getting your VPS ready
The VPS was ready to go in under half an hour and I had SSH’ed onto the box. First off, run any needed updates:
sudo apt-get update
sudo apt-get upgrade
sudo reboot
Now it’s time to install redir and screen:
sudo apt-get install redir
sudo apt-get install screen
I have been running redir in a screen session so I can disconnect from the VPS and set and forget it (for the most part).
You will also need to set up a port forward into your home network on a random TCP port. I’m not going to go over how to do this here, but if you need more info have a look at this Guide
Start a screen session:
screen
And then run the redir command:
redir --laddr="VPS IP address" --lport=443 --caddr="Home Network IP Address" --cport="the random port"
It should look something like this:
redir --laddr=18.104.22.168 --lport=443 --caddr=22.214.171.124 --cport=53859
Detach from screen by Ctrl-a then d or just close the SSH window.
Update the public DNS of your service to the IP address of your VPS and now any requests going to the service on 443 (SSL) will be forwarded to your home network! No need to pay for more IPv4 addresses or, in my case, host a big VM in the cloud when I have the hosting power at home and it was just the lack of IPv4 addresses holding me back.
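A screen session does not come back after the VPS reboots, and starting redir by hand on port 443 means running it as root. The systemd unit below is an added example, not part of the original post: it runs the same redir command at boot as an unprivileged user that holds only the capability needed to bind a port below 1024. Assumptions: the file is saved as /etc/systemd/system/redir-443.service (a hypothetical name), redir is installed at /usr/bin/redir and stays in the foreground with the option syntax shown above, and VPS_IP, HOME_IP and HOME_PORT are placeholders for your own values.

```ini
[Unit]
Description=redir TCP forward from VPS port 443 to the home lab (added example)
After=network-online.target
Wants=network-online.target

[Service]
# Placeholders: use the same values as in the redir command above.
ExecStart=/usr/bin/redir --laddr=VPS_IP --lport=443 --caddr=HOME_IP --cport=HOME_PORT
# Bring the forward back if redir exits unexpectedly.
Restart=on-failure
RestartSec=5
# Run as a throwaway unprivileged user instead of root.
DynamicUser=yes
# Grant only the capability needed to listen on a port below 1024.
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=yes
# redir only moves bytes between sockets, so it needs no write access to disk.
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes

[Install]
WantedBy=multi-user.target
```

Enable it with sudo systemctl enable --now redir-443.service and check it with systemctl status redir-443.service. On the home side, restricting the port forward so that only the VPS IP address can reach the random port keeps the service from being reachable directly from the rest of the internet.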