by fooqux 603 days ago
Did you miss the part about CG-NAT? Once your ISP runs out of their IP4 addresses and puts you behind a CG-NAT, you can punch all the holes you like; nothing is going to get to you.

At least not without doing fancy stuff like using an externally-hosted VPN to shuttle connections to you.

2 comments

The GP has both versions, not just CGNAT (which would have made their comment less nonsensical):

> If you are behind NAT or CG-NAT

People seem to have misconceptions about CGNAT.

Of course you can punch holes there. CGNATs can be asked for port forwarding using PCP, unless your ISP disabled that.

I've yet to see a single ISP (I live in the US) that even allows customers to host services. If you look in the TOS for services like Comcast, AT&T, T-Mobile, etc, you'll see a part about hosting services being forbidden. And that's even for normal IP4 addresses that aren't behind CG-NAT. Now, they probably don't look too hard unless you give them reason (I hosted various things over a Comcast connection for a decade) but the rule is in there.

Perhaps it's different for a mom & pop ISP, but I don't see the big ones configuring anything that makes it easier to do what they already don't want you doing anyway. They see the inability to forward ports as a feature, not a bug.

I'm not in the US, but in the EU. Here, T-Mobile or Orange do not have a problem with incoming traffic, and they know that people have security cameras, doorbells, or NAS devices in their homes that they want to access from outside.

So even if you expose your Home Assistant web to the wide web, no ISP is going to have a problem with that and won't interpret it as hosting services. What they really want is that you don't run bandwidth-intensive services on a consumer connection, which is going to be overbooked somewhere in their infra, causing service degradation to other users.

And for example Orange does provide PCP for their CGNAT.
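The PCP MAP exchange that both comments above refer to (a client behind CGNAT asking the ISP's PCP server for an external port, RFC 6887), as an added example that is not part of this thread. The addresses, ports, nonce and the simulated server reply are constructed; a real server would be reached over UDP at the gateway, port 5351.

```python
import ipaddress
import os
import struct

PCP_VERSION = 2
OPCODE_MAP = 1             # MAP opcode: "forward this port to me" (RFC 6887 section 11)
RESULT_SUCCESS = 0
RESULT_NOT_AUTHORIZED = 2  # typical reply from a CGNAT whose operator disabled mappings

def ipv4_mapped(addr: str) -> bytes:
    """PCP carries every address as 16 bytes; IPv4 goes in IPv4-mapped IPv6 form."""
    return ipaddress.IPv6Address("::ffff:" + addr).packed

def build_map_request(client_ip, internal_port, protocol=6, lifetime=7200, nonce=None):
    """60-byte MAP request: 24-byte common header + 36-byte MAP payload. Returns (bytes, nonce)."""
    nonce = nonce if nonce is not None else os.urandom(12)
    header = struct.pack("!BBHI", PCP_VERSION, OPCODE_MAP, 0, lifetime) + ipv4_mapped(client_ip)
    # nonce(12) | protocol(1) | reserved(3) | internal port(2) | suggested ext port(2) | suggested ext IP(16)
    payload = nonce + struct.pack("!B3xHH", protocol, internal_port, 0) + ipv4_mapped("0.0.0.0")
    return header + payload, nonce

def build_map_response(request, result, external_ip, external_port, epoch=1):
    """Constructed server-side reply (what a PCP-capable CGNAT would send); echoes the nonce."""
    lifetime = struct.unpack("!I", request[4:8])[0] if result == RESULT_SUCCESS else 0
    header = struct.pack("!BBBBII", PCP_VERSION, 0x80 | OPCODE_MAP, 0, result, lifetime, epoch)
    header += b"\x00" * 12                      # reserved 96 bits in the response header
    nonce, proto_and_port = request[24:36], request[36:42]   # copied back from the request
    return header + nonce + proto_and_port + struct.pack("!H", external_port) + ipv4_mapped(external_ip)

def parse_map_response(data, nonce):
    """Validate and decode a MAP response; returns None when the CGNAT refused the mapping."""
    if len(data) < 60:
        raise ValueError("short PCP response")
    version, r_opcode, _, result, lifetime, _epoch = struct.unpack("!BBBBII", data[:12])
    if version != PCP_VERSION or r_opcode != (0x80 | OPCODE_MAP):
        raise ValueError("not a PCP MAP response")
    if data[24:36] != nonce:                    # drop replies that do not match our request
        raise ValueError("nonce mismatch")
    if result != RESULT_SUCCESS:
        return None
    protocol, internal_port, external_port = struct.unpack("!B3xHH", data[36:44])
    ext = ipaddress.IPv6Address(data[44:60])
    ext = ext.ipv4_mapped if ext.ipv4_mapped is not None else ext
    return {"protocol": protocol, "internal_port": internal_port,
            "external_port": external_port, "external_ip": str(ext), "lifetime": lifetime}
```

The nonce check is what keeps a client from acting on a reply it never asked for; a NOT_AUTHORIZED result (None here) is the "unless your ISP disabled that" case.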