Context:

Over the past few months, Xfinity has just been causing me so many problems with self-hosting. Not having a static ip isn’t actually that much of a problem for me, I was able to set up a little docker container that automatically changes my dns records when my ip changes. However, pretty frequently, they’ll reset my router/gateway’s firewall configuration, which blocks basically all ipv6 traffic by default, and the other day, they even removed my port forwards while I was away, and hid my server from the port forwarding screen so I couldn’t add them back until I got physical access to the server.

So, I’ve come to the realization that I should probably set up a VPS, since that should solve basically all of my issues. All I want is something that can forward/proxy gigabit traffic to my server, probably over something like wireguard.

To be clear, I still want all of my services to run on my server, I just want the VPS to route the traffic.

And, said VPS preferably has ipv6 in addition to ipv4 access, and gigabit download, though none of those are strict requirements.

Questions:

Are there any issues or limits with this setup that I’m not considering?

Is there a better solution?

Assuming the previous Q’s are fine:

What’s a good VPS provider for this?

What software should I use to actually do the forwarding/proxying?

  • Matt The Horwood@lemmy.horwood.cloud · ↑1 · 2 hours ago

    Depends on how you want to access stuff away from home, I have both a tinc mesh VPN and pangolin tunnels.

    They serve different purposes, tinc is to get from home to my Dedi and the VPS. Pangolin is to access stuff away from home.

    As I’ve just moved to Starlink I too now don’t have a static IP and this has made the move almost transparent

  • curbstickle@anarchist.nexus · ↑14 · 12 hours ago

    You already got a bunch of answers here, but I just want to narrow down on this part:

    However, pretty frequently, they’ll reset my router/gateway’s firewall configuration, which blocks basically all ipv6 traffic by default, and the other day, they even removed my port forwards while I was away, and hid my server from the port forwarding screen so I couldn’t add them back until I got physical access to the server.

    I cannot express enough how much you need to stop using their router/modem. It’s going to cost more, you have no control, they are undoubtedly using the built in AP to sniff data about devices around, etc, etc, etc.

    Friends don’t let friends use ISP provided hardware. Especially if Comcast gave it to you. Please get your own.

    I recommend a modem, a router, and preferably the AP as entirely separate devices.

    Good luck and have fun

    • Buck@jlai.lu · ↑2 · 5 hours ago

      I just want to put it out there: in some countries, you literally can’t not use the ISP provided modem, and for my needs, the best I can do is put mine behind theirs, but I cannot remove theirs from the equation.

    • irmadlad@lemmy.world · ↑6 · 12 hours ago

      Good call. The only thing I need/want from my ISP is the cable coming into the house. Everything else is off limits.

    • galnamedzero@piefed.zeromedia.vip [OP] · ↑4 · 12 hours ago

      Ohhh trust me, I know, I still live with my parents and they have no understanding of how vile corporations can be. They simply don’t want to use anything other than the ISP bullshit because they think it’ll be worse, and that the higher price means higher quality. :/

      • irmadlad@lemmy.world · ↑4 · 10 hours ago

        I still live with my parents and they have no understanding of how vile corporations can be

        As a septuagenarian, it’s really not their fault as much as the era they most likely grew up in. We were taught to trust cops, governments, corporations, etc because these organizations had our best interest at heart. wink - wink

  • UntimedDiffusion@piefed.zip · ↑3 · 9 hours ago

    I just recently set this up for myself. I used Racknerd (they have crazy deals you can find on racknerdtracker which, to my understanding, work because any unclaimed deals they’ve ever offered don’t expire). If you’re only using it as an access point for stuff you’re hosting at home, you can get a cheap 1 core kvm with appropriate speed and data limits, and connect with wireguard (or as other people have said, pangolin or similar services)

  • Onomatopoeia@lemmy.cafe · ↑4 · edited · 10 hours ago

    Just so you know, you can remote config your Xfinity cable modem (blecch) using their app or by logging into your account.

    Yea, their modems are trash of the first order. You’d actually be better off buying your own modem and then using your own router behind it.

    That out of the way, it’s really strange they’re resetting your modem completely. I’ve used them for probably 10 years in one location and haven’t seen that.

    Not saying you’re wrong - it’s your setup. It’s just strange.

    You could always run something like Tailscale on one machine, then you’d always have a route into your network which you could use to reconfigure the modem.

    It’s a poor rat that ain’t got 2 holes.

    • galnamedzero@piefed.zeromedia.vip [OP] · ↑2 · edited · 4 hours ago

      Actually, it’s not a can, you have to. They removed almost everything from the modem’s admin page. Even then though, the issue is that my server is connected over MoCA, which doesn’t show up on their port forwarding thing, it has to be directly connected via Ethernet to port forward to it. So I had to physically move the server to the modem, plug it in, and add my port forwards

  • hendrik@palaver.p3x.de · ↑4 · edited · 12 hours ago

    I think a few people already mentioned some good solutions. I just wanted to add: A port forwarding in the firewall of your router is basically the same thing as a port forwarding on your Linux computer’s firewall. You could just set up any VPN, SSH tunnel or whatever and then use your firewall (nftables, iptables) and forward the VPS’ external port to the internal port on the VPN. It’s the same thing you do on your router, just that you don’t get a graphical interface to configure it.

      • hendrik@palaver.p3x.de · ↑1 · 1 hour ago

        I’d let the home server connect to the VPN on the VPS so there’s a direct tunnel between the VPS and the home server. And the router is pretty much irrelevant. You can of course choose to terminate it on the router as well, but as you said, that requires either a second forwarding. Or the entire home network to be bridged or routed.
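
The VPS-side port forward described in the two comments above, written out as an nftables ruleset (an added example, not posted by anyone in the thread). The interface names, the 10.8.0.0/24 tunnel addresses and the forwarded ports are assumptions, and it assumes the VPS routes nothing else, because the forward chain drops by default.

```nftables
#!/usr/sbin/nft -f
# VPS ruleset: forward public TCP 80/443 to a home server reached over WireGuard.
# Assumed layout (not from the thread): eth0 = public NIC, wg0 = tunnel,
# VPS = 10.8.0.1, home server = 10.8.0.2. The home server dials out to the VPS
# (with PersistentKeepalive set on its side), so the ISP gateway needs no port forwards.
# Prerequisite on the VPS: sysctl net.ipv4.ip_forward=1

define pub_if  = "eth0"
define wg_if   = "wg0"
define home_v4 = 10.8.0.2
define tcp_fwd = { 80, 443 }

# Make reloads idempotent: ensure the table exists, drop it, then define it again.
add table ip homefwd
delete table ip homefwd

table ip homefwd {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Rewrite the destination of inbound public traffic to the tunnel address.
        iifname $pub_if tcp dport $tcp_fwd dnat to $home_v4
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        # Return traffic for connections that were already allowed.
        ct state established,related accept
        # Only the listed ports may cross from the internet into the tunnel.
        # Nothing is allowed to start a connection from wg0 outward, so the
        # VPS does not become an open relay or an exit for the home network.
        iifname $pub_if oifname $wg_if ip daddr $home_v4 tcp dport $tcp_fwd ct state new accept
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Source-NAT to 10.8.0.1 so replies go back through the tunnel.
        # Trade-off: the home server logs every client as 10.8.0.1, which
        # blinds per-IP rate limiting and ban tools running there.
        oifname $wg_if ip daddr $home_v4 masquerade
    }
}
```

Load it with `nft -f` and check the result with `nft list table ip homefwd`. IPv6 would need a matching `ip6` table and a tunnel address for the home server.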

  • Rivalarrival@lemmy.today · ↑6 · 13 hours ago

    What software should I use to actually do the forwarding/proxying?

    I highly recommend Pangolin. It does exactly what you’re looking for: Establishes a tunnel between your home server and the VPS, to proxy services on your home network through the VPS.

    It also automatically sets up LetsEncrypt certs for your web services, and provides an optional security layer so only authenticated users can get through the proxy.

    You can also do TCP and UDP port forwarding for non-web services.

    What’s a good VPS provider for this?

    I use Racknerd. You will need an affiliate link to get a good deal. I would not recommend the services they offer directly; the prices are considerably higher. Pangolin’s quick-start guide has affiliate links for three services; I use the 2gb option. They have other options, but we’ll have to move to DMs.

    • AbidanYre@lemmy.world · ↑1 · 11 hours ago

      All the racknerd links are no good

      The plan you selected is out of stock and not available for ordering at this time. Please consider choosing another plan, view our available VPS plans HERE

      • Rivalarrival@lemmy.today · ↑1 · edited · 11 hours ago

        Gotcha. I’m doing everything I can to avoid spamming, but that’s kinda hard to do when OP has specifically asked for a service provider…

        I know this link will work: https://my.racknerd.com/aff.php?aff=17772&pid=953

        That’s for the 2gb/2cpu service I use. From low-end to high-end, pids 952 ($21.99/yr), 953, 954, 955, and 956 ($119.99/yr) are currently available.

        • AbidanYre@lemmy.world · ↑1 · edited · 7 hours ago

          Sorry, I wasn’t trying to call you out or anything. Just bummed that the good prices weren’t available anymore.

          • Rivalarrival@lemmy.today · ↑1 · 10 hours ago

            Nothing to apologize for! I wish they wouldn’t be cagey about their actual offerings. I’d recommend them more if I didn’t gain anything from doing so.

  • prenatal_confusion@feddit.org · ↑2 · 10 hours ago

    Pangolin (or netbird) on the vps. I can recommend something with at least a gig of ram from ionos. The rest doesn’t matter. Then just paste the vpn snippet on the local service compose (assuming you are using docker) and be done with it. Works like a charm.

  • irmadlad@lemmy.world · ↑4 · 13 hours ago

    So, I’ve come to the realization that I should probably set up a VPS, since that should solve basically all of my issues. All I want is something that can forward/proxy gigabit traffic to my server, probably over something like wireguard.

    Forgive my addled brain. Are you wanting a VPS to set up a VPN like Wireguard? If so, the VPS won’t have to be anything huge I would imagine. For something like that, I would go shopping at lowendbox.com. The important bits would be the speed rather than size of the VPS. Also, since you mentioned you already have Docker running, Wireguard Easy would be the easiest to deploy.

  • frongt@lemmy.zip · ↑3 · 13 hours ago

    Yup, a VPN is how I’m doing it. I just set up Netbird, with a relay on a tiny free Google Cloud VM, and it was extremely easy. You can use any host, really.

  • Decronym@lemmy.decronym.xyz [B] · ↑1 · edited · 1 hour ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters   More Letters
    AP              WiFi Access Point
    IP              Internet Protocol
    SSH             Secure Shell for remote terminal access
    TCP             Transmission Control Protocol, most often over IP
    UDP             User Datagram Protocol, for real-time communications
    VPN             Virtual Private Network
    VPS             Virtual Private Server (opposed to shared hosting)

    [Thread #255 for this comm, first seen 25th Apr 2026, 21:20]

  • ryokimball@infosec.pub · ↑2 ↓1 · 13 hours ago

    I have not done it but my understanding is file player has a service that does this for you, obviously not self hosted in that regard but still a popular choice.