this post was submitted on 03 May 2026
54 points (95.0% liked)


I'm trying to make my first server (Immich + Navidrome + Nextcloud running on Debian, will use WireguardVPN for remote access), but my crappy XFinity router (XB7) just won't port forward at all to my server machine. I've tried so many things to make it work, so the best thing I can do now is buy my own router so that I can just use the Xfinity router as a bridge. Do you guys have recommendations for a secure, customizable enough, and long-distance router good for 6 people?

[–] turbowafflz@lemmy.world 34 points 1 month ago (2 children)

keep in mind it may not be your router's fault you can't accept incoming connections, you may be behind cgnat. if you are, you need a reverse proxy like cloudflare tunnels

[–] cravl@slrpnk.net 17 points 1 month ago (1 children)

Cloudflare tunnels is more than just a reverse proxy, but agreed. That might be the better option regardless. If you're Cloudflare-averse, you can use Tailscale funnels, or spin up your own rproxy+tunnel solution (there are plenty out there, such as Rathole, Zrok, or frp).

[–] paris@lemmy.blahaj.zone 1 points 1 month ago

I think rathole is unmaintained. It hasn't been updated in forever and basic features like proxy protocol are just sitting there waiting for a new release to make them available. I ended up replacing rathole with gost and I actually like it better. I can run an identical setup to rathole with straightforward command line parameters instead of a config file (though a config file can also be used).

[–] ranslite@pie.dasneuland.de 3 points 1 month ago

I am behind CGNAT and my Fritzbox's built-in WireGuard allows me to connect to my home network from outside.

[–] pulsewidth@lemmy.world 20 points 1 month ago (2 children)

I use a very popular router by GL.iNet called Flint 2 (GL-MT6000). Goes on special for about $125 USD. Great specs, solid device.

Fully supported by OpenWRT, and I recommend flashing to that so that you have completely FOSS software with no possible hijinks from the manufacturer's OEM OS.

You'll need to read some guides or watch some vids to get you set up on OpenWRT, bit of a learning curve, but it has everything you could possibly need. Check it out.

[–] Nawor3565@lemmy.blahaj.zone 7 points 1 month ago

I also vouch for GL.inet routers, they also have a 5th gigabit port that was nice to have since all 4 of the ones on my old router were full.

[–] feannag@sh.itjust.works 3 points 1 month ago

I just bought the Flint 3 and love it so far! Been too lazy/haven't prioritized flashing it yet but it works great out the box.

[–] Shimitar@downonthestreet.eu 15 points 1 month ago* (last edited 1 month ago) (1 children)

Anything that supports OpenWRT I would say....

Or even better buy a mini PC with many net ports and install opnSense, but in this case you will need a separate wifi router and/or dedicated switch since any opnSense device will only work at perimeter level

[–] irmadlad@lemmy.world 2 points 1 month ago

> Or even better buy a mini PC with many net ports and install opnSense, but in this case you will need a separate wifi router and/or dedicated switch since any opnSense device will only work at perimeter level

I went with this option except using pfSense in lieu of OPNsense. My own modem, router, and managed switches.

[–] HiTekRedNek@lemmy.world 13 points 1 month ago (1 children)

Used SFF PC: $40

Pcie 10gbe network card: $30

OPNsense: free

Done.

[–] dubyakay@lemmy.ca 7 points 1 month ago (1 children)

Where can I get an SFF PC for $40? What am I looking for in particular?

[–] HiTekRedNek@lemmy.world 5 points 1 month ago* (last edited 1 month ago)

eBay, FB marketplace, craigslist. Basically any dell, hp, or Lenovo workstation big enough to have a pcie slot.

Intel is usually the most prevalent. 6th or 7th Gen i3 or better. 4 to 8G ram, at least a 64G SSD.

Here's one that's a little overkill on the ram. But you'll need a cheap small SSD if you get it.

https://ebay.us/m/RdCOjG

[–] xep@discuss.online 13 points 1 month ago (2 children)
[–] IsoKiero@sopuli.xyz 4 points 1 month ago
[–] tychosmoose@piefed.social 3 points 1 month ago

Same. Moved from OpenWRT through OPNsense to Mikrotik. The performance per watt and per dollar is great.

[–] utjebe@reddthat.com 13 points 1 month ago (1 children)

You can get dirt cheap routers on eBay (like $30, for Tp-Link) that have active support on OpenWrt. Great little devices to get you started and if it won't be enough you will know more / what you need to upgrade.

However, if your XB7 isn't doing / allowing port forwarding, you will still need that for things to work.

[–] grue@lemmy.world 12 points 1 month ago* (last edited 1 month ago) (1 children)

I second the recommendation for TP-Link running OpenWRT (that's the important part).

I've been using a few Archer C7s for going on a decade at this point. (So long that they went from "OpenWRT" to "LEDE" to back to "OpenWRT", LOL!) They've been working fine that whole time, and the only thing that annoys me about them is that they're a funny shape instead of being rack-mountable.

[–] eutampieri@feddit.it 7 points 1 month ago (1 children)

Beware! Now there's a hardware revision for a TP-Link router (I think the C7) that is not supported by OpenWrt and never will be.

[–] adarza@lemmy.ca 3 points 1 month ago

we were looking awhile back for one, but none of the tplink models at walmart (the only retailer with routers within 50 miles) supported flashing with a third-party firmware and i didn't want to shop online for one.

we sorta lucked-out, though.. ended up just using the one from our old provider since they never asked for it back or charged us for it. it's dual band, has wpa3, guest ssid and vlan. enough for us for now. all we had to do is flip a setting from dsl uplink to wan uplink.

[–] Eldritch@piefed.world 9 points 1 month ago* (last edited 1 month ago)

OpenWRT. It's got a slight learning curve. But if you want something guaranteed to do what you want while still being upgradable. It's the solution for you. You can find pre-made Hardware that will run it. Or any old business waste computers that you can gut and rebuild any way you like to make a beast of a router if you want.

[–] Ferawyn@lemmy.world 8 points 1 month ago (1 children)

If you want a complete unit with custom hardware and tuned custom software, look at MikroTik. Solid hardware, dependable software, good support, good community.
If you want to build your own, grab any multi-ethernet micropc from aliexpress and install OPNsense. Cheap and flexible. But you'll be on your own once (not if) something fails.
Both of these are essentially pro-level options with lots of headroom to build up to advanced services. I'd stay away from OpenWRT which is essentially just an open source consumer grade wifi router image. You'd be replacing your crappy (but supported) router with the same thing just without support.
One other option I would mention if you like nice centralized web UIs: have a look at Ubiquiti's UniFi. If you can afford to go all-in on a UniFi router, backbone switch and wifi access points, the combined management is really a step above the competition.

[–] dubyakay@lemmy.ca 2 points 1 month ago (1 children)

How do you find those micropcs on Ali?

[–] nitrolife@hikki.team 2 points 1 month ago* (last edited 1 month ago) (1 children)

Just looking for "minipc pfsense"

[–] dubyakay@lemmy.ca 1 points 1 month ago (2 children)

Okay. Finally getting some results. I swear "micropc", sff etc did not yield results.

These ~C$150 devices will still need a Wi-Fi adapter connected to them though, right?

[–] eleitl@lemmy.zip 1 points 1 month ago

I would recommend always using access points for that. A used (fanless) enterprise PoE switch comes in handy to power several which are spread over the house.

[–] nitrolife@hikki.team 1 points 1 month ago

If the seller doesn't have a WiFi bundle, then yes. If they do, you'll just need to pay extra.

I also recommend looking for a mini PC with Intel N100, N200, etc.

[–] EncryptKeeper@lemmy.world 8 points 1 month ago

Do you live in the United States? If so, the only reasonable option for a router at this exact point in time is to run your own using OPNsense or pfSense. You can buy an x86 mini PC with a couple of high-bandwidth NICs and it'll do the job.

[–] French75@slrpnk.net 4 points 1 month ago

I bought a minipc and put OPNsense on it. It's been just over a year now. Very flexible, very easy, and rock solid.

[–] CannedYeet@lemmy.world 3 points 1 month ago

I have an OpenWRT One. It comes with OpenWRT preinstalled (duh) and some proceeds go to fund the project.

[–] Cyber@feddit.uk 2 points 1 month ago

If you're not wanting to customise too much, the Fritzbox equipment is good.

Plenty headroom for normal use.

However if you have 6 people all streaming 4k netflix and need 1mSec ping for gaming over a 10Gb link, you'll probably need to build something.

[–] Telodzrum@lemmy.world 2 points 1 month ago (2 children)

OpenWRT gets a lot of love around here, incorrectly.

If you are willing to flash custom software to a router you bought for that purpose, you may as well just pick the better option and put pfSense or (better) OPNsense on a mini PC with two Ethernet ports.

[–] cmnybo@discuss.tchncs.de 4 points 1 month ago (1 children)

The router running OpenWRT will usually be a lot less power hungry than a mini PC, ethernet switch and access point.

[–] Telodzrum@lemmy.world 1 points 1 month ago (1 children)

That really depends. And whether or not it matters at all depends on the cost of electricity where OP is.

[–] Auli@lemmy.ca 2 points 1 month ago (1 children)
[–] Telodzrum@lemmy.world 0 points 1 month ago

It is absolutely not.

[–] hendrik@palaver.p3x.de 3 points 1 month ago* (last edited 1 month ago) (1 children)

I think the added benefit of an OpenWRT router is, you get 3 more ports (for your TV, Playstation and PC), plus a Wifi network. And it's really hard to break it. But a MiniPC with OPNsense, of course will be more powerful. And some more advanced things have been notoriously difficult to set up in OpenWRT, maybe OPNsense does it a bit better.

[–] nitrolife@hikki.team 4 points 1 month ago* (last edited 1 month ago) (1 children)

if you have an uplink of 1 Gbit/s or less, you can easily solve the problem of ports by purchasing a switch for $3. By the way, there is a mini PC with 4/6/8 ports and even with optical fiber.

and in general, if the topic starter is building his own server, he can just build a router out of it too. the set of programs is not very large: kea-dhcp, radvd, iptables. that's all. for WiFi, you will need a compatible card in the server or a separate access point like Ubiquiti.

[–] signalsayge@infosec.pub 1 points 1 month ago

Yup, it's when you want to get above the 1Gbps speeds that the switches tend to get expensive. That and whether they are managed with VLANs or not.

[–] signalsayge@infosec.pub 1 points 1 month ago

If your router works for everything but that, I would recommend looking into Tailscale instead of a Wireguard VPN or run a Cloudflare tunnel as a service on the Debian host. Tailscale is free for personal use and is Wireguard under the hood with an orchestrator bolted on. I have done just about everything everyone here has said at some point. I'm running a 10Gbps capable OPNsense firewall. For services outside my network I have several LXC containers with Cloudflare tunnels (broken out by service type) and I have Tailscale installed on one of my physical Debian hosts as an exit node.

If you just want access to everything while you're out, Tailscale for your devices. If you want friends to be able to access, then Cloudflare tunnel. Neither requires buying anything new.

[–] Decronym@lemmy.decronym.xyz 1 points 1 month ago* (last edited 1 month ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

| Fewer Letters | More Letters |
|---|---|
| LXC | Linux Containers |
| PoE | Power over Ethernet |
| SSD | Solid State Drive mass storage |
| VPN | Virtual Private Network |

4 acronyms in this thread; the most compressed thread commented on today has 7 acronyms.

[Thread #276 for this comm, first seen 6th May 2026, 20:40]