Need help with I think it’s NATing or Forwarding.
First off I am using a CCR2004-pci as a router. Second my ISP does use a proxy, I think. (my WAN ip is 100.67.xx.xxx but my public ip is24.101.xx.xxx)
Third I have a domain that can access my router web login using my wan ip, I know NOT secure!
The problem I have a Nextcloud instance set up and running internally, now I want to get it available outside my house. I think this is the last step for that. I currently do not have a print out of the firewall rules and my isp’s public ip is banned from posting here “viruses on network”
That is going to be difficult, looking at your WAN-IP 100.67.x.x this is CGNAT-space (Carrier Grade NAT) so basically you do not have a public IP for yourself and therefore the world cannot “find” you if they want to initiate a connection to your server. YOU can offcourse initiate to the outside world.
Without any 3e party “helpers” this is impossible.
With “helpers” I mean things like a CloudFlare tunnel or other tunneling-mechanisms where there is no need to “expose” you directly.
If you happen to have some VPS-host somewhere with a provider that can also serve as tunneling endpoint.
In this case we will establish a VPN tunnel from the router to the BTH mikrotik relay server and then all remote users will have a pathway to reach the router.
In this regard AT LEAST, you can access your router and LAN securely and get rid of the bogus access you have setup.
If the number of users is limited, easy to manage, you can let them wireguard in and directly access your servers without any port forwarding.