I’m struggling with a reverse proxy configuration that worked perfectly before switching to Starlink. My previous setup used standard port forwarding with bridge mode, but now I’m dealing with CGNAT limitations.
Currently running Starlink router in bypass mode feeding my existing network setup. I have what appears to be a public IPv6 address available.
Steps I’ve taken:
Modified my server ports from default 80/443
Configured proxy manager in host networking mode for traffic handling
Set up dynamic DNS container to manage IPv6 address updates
Enabled full IPv6 exposure on router for testing purposes
The problem is that while my IPv6 shows as “Global” in container diagnostics and gets registered by the DNS updater, external access still fails. Browser tools indicate no IPv6 connectivity from outside my network.
The DNS service successfully detects and registers a Starlink-associated address, but something is blocking inbound connections. Has anyone solved similar connectivity issues with this ISP setup?
Starlink’s IPv6 has some quirky aspects that can be surprising when setting up a homelab. You may receive a global IPv6 address, but due to constantly changing prefixes, inbound connectivity can be unreliable despite the address appearing valid. I also encountered issues where my reverse proxy functioned correctly internally but failed during external access tests. A solution I found useful is employing Cloudflare Tunnel or ngrok, which circumvent CGNAT and IPv6 routing complexities by creating outbound connections from your server. Alternatively, utilizing a VPS as a jump host with appropriate IPv4 and IPv6 configurations can establish a consistent tunnel for traffic through WireGuard, ensuring reliable external access irrespective of Starlink’s network changes. Relying solely on the IPv6 route is risky for production services.
yeah, i get the frustration with starlink’s ipv6. they have a habit of blocking inbound ports, even if your address looks good. run a test with port checkers to see if 80/443 are open - usually they’re not. consider using ports like 8080 or 8443; might help!
Had the exact same headache when I moved to Starlink last year. It’s not really port blocking - it’s how Starlink handles IPv6 firewall rules by default. Even with bypass mode, their equipment keeps strict inbound filtering that’s not obvious. What worked for me: check if Starlink’s firewall is still running despite bypass mode. You might need to contact support to verify complete passthrough. Also, some regions have extra restrictions on residential connections that aren’t documented anywhere. Before trying tunnels, test with a simple IPv6 ping from outside to confirm basic connectivity. If that fails, the problem’s definitely upstream from your setup. The dynamic prefix changes others mentioned are real too - even if you get it working, stability might be an ongoing headache for hosting.