I’ve been putting off switching to a cable modem I bought a few months back because of Comcast’s tech support.
I’ve also been trying to self-host services with Tailscale (VPN), Caddy (reverse proxy) and Pi-hole, but have been having little success.
I don’t want to directly expose the NT IP, like with DDNS. I also don’t want to use CF tunnels, because they route through CF and could cut me off from my service if I stream too much of my media.
With the Comcast default router/gateway they don’t let you set custom DHCP or DNS, or dynamically forward DHCP or DNS to other devices.
Is this why the videos online explaining self-hosting always say “do what is best for you,” but then “I bought this pfSense or expensive UniFi router,” for example?
Is self-hosting with a default router even possible?
I have a DD-WRT as my Wi-Fi router already, and a second one I can place behind a plain cable modem, which I get I will have to call customer support to get working. I plan to use the first DD-WRT with Wi-Fi disabled as my DHCP server, and have DNS forwarded to a Pi-hole.
Is this the best idea for getting my services working properly?
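As an added example (not from the original post or from the DD-WRT or Pi-hole projects), this is what the plan above looks like in configuration: the dnsmasq options pasted into the DD-WRT box that acts as the DHCP server, so that every client is handed the Pi-hole as its only DNS server, plus a dnsmasq drop-in on the Pi-hole that answers the self-hosted names locally. All addresses, the MAC address and the service name are assumptions for illustration.

```ini
# --- DD-WRT (DHCP server): Services > Services > DNSMasq > "Additional DNSMasq Options" ---
# Assumed addresses: 192.168.1.1 = this DD-WRT box, 192.168.1.2 = Pi-hole,
#                    192.168.1.10 = host running Caddy (all hypothetical).

# DHCP option 6: hand out the Pi-hole as the ONLY DNS server to every DHCP client.
dhcp-option=6,192.168.1.2

# Be the authoritative DHCP server so clients drop leases they still hold
# from the Comcast gateway instead of waiting for them to expire.
dhcp-authoritative

# Pin the Pi-hole to a fixed lease (MAC is a placeholder) so the option
# above never points at an address that has moved.
dhcp-host=aa:bb:cc:dd:ee:ff,192.168.1.2,pihole

# The router's own lookups should also go through the Pi-hole, not the ISP
# resolvers learned on the WAN side.
no-resolv
server=192.168.1.2

# --- Pi-hole: /etc/dnsmasq.d/02-local.conf ---
# Answer the self-hosted names locally, pointing at the Caddy host.
address=/jellyfin.home.arpa/192.168.1.10
# Never forward anything under home.arpa upstream; unknown names get NXDOMAIN.
local=/home.arpa/
```

Two checks worth doing after applying this: the Pi-hole’s upstream DNS must be set to a real resolver, not to the DD-WRT box, because the router now forwards to the Pi-hole and the two would loop; and on Pi-hole v6 the `/etc/dnsmasq.d` directory is only read if that option is enabled in the Pi-hole settings. Clients that keep their old lease will still use the Comcast gateway’s DNS until they renew, so renew or reconnect a test client before deciding the setup is broken.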
Yes
Yes, with Cloudflare tunnels.
I don’t like CF tunnels, because I prefer to tunnel in with Tailscale VPN and reverse proxy with Caddy; that way I will be using my bandwidth alone, so I can stream unlimited locally saved/served media. CF tunnels are super non-specific about how much data they might consider too much. I just don’t want to risk it, plus with TS I get a free TS domain. My budget is tiny!
Yes, you can. I use both Cloudflare tunnels (for things that don’t play nice) and nginx for everything else. Getting the port forward set up can be tricky since you have to use the app on your phone. Also, using Cloudflare and proxying your DNS records will eliminate any NAT issues. You may also want to set up DHCP reservations to keep the IP addresses static. In typical Comcast fashion, this has to be done in your browser by going to your router’s IP instead of the app.
I bought my cable modem, it does not route anything. It goes directly to a hardware firewall.
I used WireGuard VPN for my setup, so I don’t have anything exposed directly to the internet. It’s just a matter of opening up the UDP port. WG is secure; I have a separate DDNS server that updates my A record whenever my IP changes.
Use a reverse proxy instead of a Cloudflare tunnel, in my opinion.
Log in to your Comcast cable modem and see if you can switch it to bridging mode.
All you have to do is plug in the new router and use the app to update the MAC address. I did it a couple weeks ago.
If external exposure is not something you want, just use Tailscale/ZeroTier. With that, it won’t matter what router you’re using.