Sometimes, when I do networking, I feel like I'm actually just stupid, and this is adjacent to my rl job so I should know this. Hopefully someone here can help me.
The setup:
2 Windows PCs. One of them is used as a server for different applications. Mostly games, but one of them is supposed to be run as a fileserver now.
A TP-Link router.
Some netbook via WLAN.
Essentially, I'm using the open source file browser software to host a simple browsing interface for my server's hard drive.
Locally I can open it in the browser via 127.0.0.1:55537 (the port I set the application to listen on).
I can also reach the server from my main PC via its private network IP 192.168.0.106:55537 (which obviously also works locally). Additionally, I can reach it via Radmin from an outside PC, since it's a simulated network. No problems there.
Additionally, I can reach it when using my router's dynamic IP address. I do not have a domain yet, but I'm planning on purchasing one once I get this working. Opening it up this way sometimes takes a very long time to respond though, not sure why and if this is important.
Anyway, I have forwarded the port with TCP and UDP in my router, which is why I can open it up by entering my router's IP.
However, I cannot reach my server from a device on WAN or the internet via the router's IP or the server's assigned IP and I have no idea why. Firewalls on my router and server are disabled, so that shouldn't be it.
My router displays an IP starting with 100.X.X.X, with (dynamic) in parentheses behind it, with which my server is also reachable from within the private network. Apparently this is a CGNAT? I haven't really had to deal with this before, but reading up on it, it seems to imply that the server won't be reachable unless my ISP is going to set up port forwarding for me, which they won't do.
If it's in the range 100.64.0.0 – 100.127.255.255 then yes it's CGNAT.
Often an ISP offers some way to bypass CGNAT. It can be a dynamic public IP, it can be a static public IP, it can be a dynamic DNS service (a public domain name they keep synced to a public dynamic IP). But the cost of that service may be too big.
If there's no way (or too expensive) for the ISP to allow bypass, you can use Cloudflare tunnels or Tailscale funnels. They're both free but there are pros and cons to each of them. Cloudflare requires you to use a domain and to use their own DNS service in order to use their tunnels, and they don't allow media streaming through them. Tailscale doesn't care what you use them for but you have to use a domain allocated by them.
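Added example, not part of the original thread: a small Python check that applies the range from the answer above to the WAN address shown on a router, and optionally compares it with the address an outside service sees. The function name `classify_wan`, its verdict labels and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# RFC 6598 shared address space that carriers use for CGNAT
# (100.64.0.0 - 100.127.255.255, the range given in the answer above).
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: a WAN address here means another NAT router upstream.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(wan_ip, seen_from_outside=None):
    """Classify the router's WAN address (IPv4 only).

    wan_ip            -- address shown on the router's status page
    seen_from_outside -- optional: address an external "what is my IP"
                         service reports for this connection
    Returns "cgnat", "double-nat", "upstream-nat", "direct" or "unverified".
    """
    wan = ipaddress.IPv4Address(wan_ip)  # raises ValueError on bad input
    if wan in CGNAT_NET:
        return "cgnat"          # carrier NAT sits upstream; home port forwards stop there
    if any(wan in net for net in PRIVATE_NETS):
        return "double-nat"     # forwards must also exist on the upstream router
    if seen_from_outside is None:
        return "unverified"     # looks public, but not confirmed from outside
    if ipaddress.IPv4Address(seen_from_outside) != wan:
        return "upstream-nat"   # something upstream rewrites the address
    return "direct"             # router holds the public address; forwarding can work


if __name__ == "__main__":
    # Constructed sample addresses, not taken from the thread.
    samples = [
        ("100.72.13.5", None),             # inside 100.64.0.0/10
        ("100.128.0.1", "100.128.0.1"),    # starts with 100. but outside the range
        ("192.168.1.2", None),             # router behind another home router
        ("203.0.113.10", "198.51.100.7"),  # documentation addresses, mismatch
    ]
    for wan, outside in samples:
        print(f"{wan:15} -> {classify_wan(wan, outside)}")
```

An address that merely starts with 100. is not enough to conclude CGNAT; only the second octet range 64 to 127 falls inside the shared space.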