Determine if your ISP uses Carrier-Grade NAT which blocks port forwarding.

CG-NAT means you share a public IP with other customers, preventing port forwarding.

Carrier-Grade NAT (CGNAT) means your ISP shares a single public IP among multiple customers. This prevents port forwarding from working because you don't have a unique public IP address.

CGNAT, also called Large-Scale NAT (LSN), is NAT performed by your ISP before traffic reaches your home router. Multiple customers share the same public IP address.

Check router WAN IP:

1. Log into router admin panel
2. Find your router's WAN IP address
3. Check if it starts with 100.64.x.x (CGNAT range)

Compare with public IP:

1. Visit whatismyip.com or similar service
2. Note your public IP address
3. Compare with router WAN IP
4. If they differ, you're behind CGNAT or double NAT

• Port forwarding rules appear to work but don't
• External port checkers show ports as closed
• Router WAN IP is in 100.64.0.0/10 range
• ISP is mobile provider or certain cable companies

Port forwarding will not work because you don't have a unique public IP.

Alternatives:

• Use Cloudflare Tunnel for external access
• Request static IP from ISP (may cost extra)
• Consider changing ISPs if hosting is important
• Use VPN services that support CG-NAT

The CG-NAT address range is 100.64.0.0/10. If your router's WAN IP falls in this range, you are behind CG-NAT.

• How to Detect If You Are Behind Carrier-Grade NAT (CGNAT)
• CGNAT Checker: How to Test if You Are Behind Carrier-Grade NAT
• One IP address, many users: detecting CGNAT to reduce collateral damage

• Networking Overview
• Alternatives to Port Forwarding

Last updated: 2026-06-19

• Return to hosting