Beyond the NAT: CGNAT, Bandwidth, and Practical Tunneling
4 months ago
- #Tunneling
- #Networking
- #CGNAT
- Home internet in the 90s was simpler with direct IPv4 addressing, but today Carrier-grade NAT (CGNAT) and IPv6 are used due to IPv4 scarcity.
- CGNAT blocks inbound connectivity, complicating self-hosting, gaming, VoIP, and P2P applications without additional tools like tunneling.
- Bandwidth is often misunderstood as 'speed,' but practical performance depends on capacity, symmetry, and guarantees like SLAs.
- Residential internet is usually asymmetric and best-effort, while business connections offer symmetric throughput and static IPs.
- Traffic surges that look like DDoS attacks can come from popularity or misconfiguration, not just malicious intent.
- Tunneling (e.g., bore-cli or Cloudflare Tunnel) can bypass CGNAT restrictions to expose local services securely.
- SSH should ideally be restricted to private networks or VPNs, with public exposure as a last resort, secured with keys and MFA.
- Backups and hygiene (e.g., patching, logging, key rotation) are critical for maintaining secure and reliable systems.
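
A quick way to tell whether a connection sits behind CGNAT, and therefore needs a tunnel for inbound access, is to compare the router's WAN address with the address the internet sees. The sketch below is an added example, not code from the original article; the function names and result labels are hypothetical, the sample addresses are constructed, and the externally observed address is assumed to come from any "what is my IP" lookup.

```python
import ipaddress

# Shared address space reserved for carrier-grade NAT (RFC 6598).
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# Private ranges (RFC 1918): a WAN address here means another NAT sits upstream.
RFC1918_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(router_wan_ip: str, observed_public_ip: str) -> str:
    """Classify the path between the router's WAN port and the internet.

    Returns 'cgnat', 'private-upstream-nat', 'translated' or 'direct'.
    Raises ValueError for malformed or non-IPv4 input.
    """
    wan = ipaddress.IPv4Address(router_wan_ip)
    seen = ipaddress.IPv4Address(observed_public_ip)
    if wan in CGNAT_NET:
        return "cgnat"                  # ISP shares one public IP among customers
    if any(wan in net for net in RFC1918_NETS):
        return "private-upstream-nat"   # double NAT (ISP or a second router)
    if wan != seen:
        return "translated"             # public-looking WAN, but rewritten upstream
    return "direct"                     # WAN address is the address the world sees


def port_forward_can_work(router_wan_ip: str, observed_public_ip: str) -> bool:
    """Port forwarding on the router only helps when no upstream NAT exists.

    'direct' is necessary, not sufficient: ISP or router firewalls may still
    filter inbound traffic.
    """
    return classify_wan(router_wan_ip, observed_public_ip) == "direct"


if __name__ == "__main__":
    # Constructed samples: (router WAN address, externally observed address).
    samples = [
        ("100.72.13.5", "203.0.113.10"),
        ("192.168.1.2", "203.0.113.10"),
        ("198.51.100.7", "203.0.113.10"),
        ("198.51.100.7", "198.51.100.7"),
    ]
    for wan, seen in samples:
        print(f"{wan:>15} seen as {seen:<15} -> {classify_wan(wan, seen)}")
```

Any result other than `direct` means inbound connections cannot be opened from the router alone, which is the case where a tunnel is needed.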