My ISP blocks 28967. Can I use a reverse proxy such as Tailscale?

I talked to my ISP and they block everything. That’s a disgraceful situation. I keep the offline/quic misconfigured status.

I can get a public IP from them, but it will more than double the price I pay for my internet connection.

So, I’m researching any solution to get Storj node working. Can I use some kind of reverse proxy? (Tailscale, as an example)

Anyone ever used it?

Hello @marcelosandrini,
Welcome to the forum!

You need to use a VPN service with a port forwarding feature, like ngrok, PIA, PureVPN, AirVPN, etc.
A reverse proxy may not work: they are usually configured to proxy HTTP traffic, but the node uses DRPC (not gRPC!)
However, if they “block anything”, then they will probably block VPN/Proxy too.
Consider switching your ISP to a less strict one.

But more likely they do not block anything and just use CGNAT for you. You may ask for a dynamic public IP (the WAN IP from your router will match the IP from Open Port Check Tool - Test Port Forwarding on Your Router); it’s not required to be static. Perhaps they could give you this option for free.
If so, you may configure your DDNS hostname and use it instead of public IP in the node’s configuration.
Please note - NoIP will not solve the CGNAT issue, it’s possible only on ISP side, NoIP will help with dynamic public IP only.

Thank you for the fast help!

My WAN IP matches the one in your checker, whatsmyip and so on. It should be a dynamic public IP, but portchecker says port 28967 is closed.

I already configured no-ip and even set it on my router, as I did the port forwarding too. But I have no positive results yet.

My ISP provides service by optic fiber, so my network is like: fiber converter>router>node. I don’t have any access to the fiber converter, though.

A fiber converter usually is just a converter and can’t block anything.
Do you have a Windows node or Linux? If Windows, then Windows firewall?
What router do you have?
How did you make the port forward in the router?

I’m running the storj node in Linux, specifically a docker node.

I have a TP-Link router, which has a port forwarding function named “virtual server”. I set 28967 as the external port, tcp/udp, the local IP of the Linux machine, and left the internal port blank (it copies the external one when left blank).

In Linux, ufw status reports as disabled.

Then your port forwarding or firewall or node is misconfigured.
Please show your docker run command (you may mask your private information).
Please also post a screenshot for port forwarding rules from your router.

docker run -d --restart unless-stopped --stop-timeout 300 \
-p 28967:28967/tcp \
-p 28967:28967/udp \
-p 14002:14002 \
-e WALLET="xxxxxxxxxxxxxxxxxxxxxxxxxxx" \
-e EMAIL="" \
--user $(id -u):$(id -g) \
--mount type=bind,source="/data/storj_identity/storagenode",destination=/app/identity \
--mount type=bind,source="/data/storj_data",destination=/app/config \
--name storagenode storjlabs/storagenode:latest

How are you connecting to your ISP?
Do you have a box in your house/apartment/flat/etc. that is provided by them that you can log into and configure, or are you on a shared service in the complex that you connect only to something you bought?
You typically have to configure the port forwarding on their equipment, such as a coax modem/router, not the personal wifi you installed.

Actually they need to configure it on both, unless the router is in access point mode (or bridge).

Do you have another interface in the port forwarding rule?
Do you really use PPPoE to get internet access?

Yeah, I use PPPoE and my ISP does CGNAT to provide its services.

I managed to reach them and they provided a fixed IP inside their network, opening some ports. They also changed my ONT (the optic fiber “modem”), which now delivers two Ethernet ports: one with their fixed IP, only to use some access ports (6000-6004 range), and the other with my current network PPPoE access.

I’m really angry with the poor quality service they provide, but I’m limited to a year contract that still has some months left.

Can I add a new network card to the computer I’m running the Storj node on and use this new card to connect to the LAN port with their crap limited-open-port-access?

I have an ONT in my house, that converts fiber to ethernet cable, and it connects to a router (it’s also property of ISP, but I have access to it).

However, the ISP uses CGNAT, so I do not have a public IP address, nor can I simply use DDNS to update the IP on Storj, as CGNAT blocks many ports.

Today, their support came here at home and changed their ONT to one that provides something like a second link: one extra port that has a fixed IP inside their MAN and has some open ports.
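
The WAN-address comparison suggested earlier in this thread for telling CGNAT apart from a dynamic public IP, written out as an added example (not code from any poster). The function name, verdict labels and sample addresses are constructed for illustration, and the 100.64.0.0/10 check comes from RFC 6598 rather than from the thread.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges; one of these on the WAN side means another NAT upstream.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Next step per verdict, following the advice given in the thread.
ADVICE = {
    "public": "Public IP on the router: port forwarding plus a DDNS hostname is enough.",
    "cgnat": "CGNAT: DDNS cannot help; ask the ISP for a public IP or use a VPN with port forwarding.",
    "upstream-nat": "Private WAN address: forward the port on the upstream device too, or bridge it.",
    "mismatch": "WAN and observed IP differ: traffic is translated upstream, treat it as CGNAT.",
}

def classify_wan(router_wan: str, seen_from_internet: str) -> str:
    """Compare the router's WAN address with the address an external checker reports."""
    wan = ipaddress.ip_address(router_wan)
    seen = ipaddress.ip_address(seen_from_internet)
    if wan in CGNAT:
        return "cgnat"
    if any(wan in net for net in RFC1918):
        return "upstream-nat"
    if wan != seen:
        return "mismatch"
    return "public"

if __name__ == "__main__":
    # Constructed samples: (router WAN IP, IP shown by a port-check site).
    samples = [
        ("100.72.14.9", "203.0.113.7"),
        ("192.168.1.2", "203.0.113.7"),
        ("203.0.113.7", "203.0.113.7"),
    ]
    for wan, seen in samples:
        verdict = classify_wan(wan, seen)
        print(f"{wan:>15} vs {seen}: {verdict} -> {ADVICE[verdict]}")
```

A "public" verdict only says the address is reachable in principle; a closed port then points at the forwarding rule, a local firewall, or filtering on the ISP side.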

maybe, try:

-p 6000:28967/tcp
-p 6000:28967/udp

And how can I bridge the Storj node container to secondary eth?

Well, I think I’ll have to give up trying to put it to work under my current ISP…

A simple procedure was turned into a week-long nightmare =/

You can bind it to the IP address of the second Ethernet ( in this example), like this:

-p \
-p \
-p \
-e ADDRESS=your.noip.domain:6000 \

But you may try to use a normal form (it’s binding to all interfaces by default, i.e. to

-p 6000:28967/tcp \
-p 6000:28967/udp \
-p \
-e ADDRESS=your.noip.domain:6000 \

I understand your frustration. I have dealt with a similar ISP (it’s also the biggest ISP in the country), but at least yours made a port forwarding for you on their equipment - it’s a very rare case, very kind from their side (unless they charged you for that :) ).

They will charge me about USD 4 per month to do the port forward and keep it =/

I’ll already bind to all, but tomorrow I’ll try to install a second NIC and let’s see what happens =D

This is what I have now:


PS: I referred to port 6000, but the correct one was 6400

Please check your allowed port range, because it seems like it doesn’t match.
Also your ADDRESS option should contain your external address/IP and the same published port.

It was a typo. The correct ones are 6000-6004, which are what I’m using. Or trying to =t

In this case your docker run command should use the correct external port, like in my example:


-p 6001:28967/tcp \
-p 6001:28967/udp \
-p \
-e ADDRESS=your.noip.domain:6001 \

and so on
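
The checks requested in the last replies (external port inside the range the ISP opened, the same port published for TCP and UDP, and ADDRESS carrying that same port) can be run against a docker run command before starting the node. This is an added example, not code from the thread; the function names and the sample commands are constructed, and it assumes ADDRESS is written as host:port.

```python
import shlex

NODE_PORT = 28967            # container-side node port used in the thread
ALLOWED = range(6000, 6005)  # ports the ISP opened (6000-6004 in the thread)

def parse_publish(spec):
    """Split a docker -p value '[ip:]host:container[/proto]'; None if no host port."""
    mapping, _, proto = spec.partition("/")
    parts = mapping.split(":")
    if len(parts) < 2:
        return None
    return int(parts[-2]), int(parts[-1]), proto or "tcp"

def check_node_ports(command, allowed=ALLOWED):
    """Return the problems found in a docker run command; empty list means consistent."""
    tokens = shlex.split(command.replace("\\\n", " "))
    published, address_port = {}, None
    for flag, value in zip(tokens, tokens[1:]):
        if flag == "-p" and (parsed := parse_publish(value)):
            host, container, proto = parsed
            if container == NODE_PORT:
                published[proto] = host
        elif flag == "-e" and value.startswith("ADDRESS="):
            address_port = int(value.rpartition(":")[2])
    problems = [f"{NODE_PORT}/{p} is not published"
                for p in ("tcp", "udp") if p not in published]
    if len(set(published.values())) > 1:
        problems.append("tcp and udp use different external ports")
    problems += [f"external port {h}/{p} is outside the opened range"
                 for p, h in published.items() if h not in allowed]
    if address_port is None:
        problems.append("ADDRESS is not set")
    elif address_port not in published.values():
        problems.append(f"ADDRESS port {address_port} does not match a published port")
    return problems

# Constructed sample commands (image name and hostname as written in the thread).
GOOD = """docker run -d -p 6001:28967/tcp -p 6001:28967/udp -p 14002:14002 \
-e ADDRESS=your.noip.domain:6001 storjlabs/storagenode:latest"""
BAD = """docker run -d -p 6400:28967/tcp -p 6001:28967/udp \
-e ADDRESS=your.noip.domain:6000 storjlabs/storagenode:latest"""

if __name__ == "__main__":
    for name, cmd in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_node_ports(cmd) or "consistent")
```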