Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


What's the difference between a NAT vps and a regular OpenVZ VPS?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

What's the difference between a NAT vps and a regular OpenVZ VPS?

Sorry if this is a dumb question, but I googled it and couldn't really find anything. Is a "NAT" VPS something that originated from lowendtalk, and became popular within the LET provider community, and then slowly became a thing?

And what are the actual real world differences between using a NAT VPS and a non-NAT VPS?
Like, will you have less, more, or the same performance, etc?

Thanks in advance

Thanked by 1licher70

Comments

  • BruceBruce Member

    NAT VPS uses a shared IP address. non-NAT usually has a dedicated IP for your use only

    Thanked by 1JohnMiller92
  • AlyssaDAlyssaD Member

    A NAT VPS refers to Network Address Translation of an IPv4 address: https://en.wikipedia.org/wiki/Network_address_translation

    Effectively you are getting a VPS with an IPv4 address like 1.1.1.1 that is shared with other users. This means you can't do as much with it as you can with a regular VPS where you get a dedicated IP Address to you, in most cases. For example, you usually can't use port 80 or 443 on a NAT vps.

    The reason is because most IPv4 addresses currently cost 1USD a month if not more. So for providers offering super cheap VPS they run into this as an issue where most of the cost of the VPS is the IP address. NAT is a simple way to get around this.

  • williewillie Member

    NAT is ridiculously cheap and can do almost anything that a dedicated ipv4 VPS can do (except things like DNS involving listening on specific ports), but it is a little bit more vulnerable to DDOS (since many users are sharing the public ipv4 address) and can be a bit more complicated to set up.

    NAT is great for experimental projects if you know what you're doing, but might not be the best choice for beginners.

    Thanked by 1JohnMiller92
  • AlyssaDAlyssaD Member

    @willie said:
    NAT is ridiculously cheap and can do almost anything that a dedicated ipv4 VPS can do (except things like DNS involving listening on specific ports), but it is a little bit more vulnerable to DDOS (since many users are sharing the public ipv4 address) and can be a bit more complicated to set up.

    NAT is great for experimental projects if you know what you're doing, but might not be the best choice for beginners.

    Uhhh.... I am going to disagree that it can "...do almost anything a dedicated ipv4 VPS can..." For example, you can generally only listen on certain ports that are given to you by the provider. So it can't effectively host a website, or DNS, or any other service with a standards based port. It also can be a security risk, for things that use IP verification. Such as Let's Encrypt or a MYSQL that uses the IP address as a verification point.

    All, and all... they are great for hosting small things such as Discord Bots, or other such programs that connect to another resource and don't need to be connected to themselves.

    Thanked by 2emgh FHR
  • emghemgh Member

    I agree to 100% with @AlyssaD. They’re awesome of anything that dosen’t connect directly to the end user.

  • BruceBruce Member

    if you dont know what NAT is, you DO NOT want a NAT VPS

    Thanked by 2Aidan neps
  • williewillie Member
    edited May 2018

    AlyssaD said: So it can't effectively host a website, or DNS, or any other service with a standards based port. It also can be a security risk, for things that use IP verification. Such as Let's Encrypt or a MYSQL that uses the IP address as a verification point.

    1) I did mention DNS as a limitation but how many people really want to run DNS servers on those things?

    2) On many (maybe not all) NAT VPS there is a port 80 reverse proxy that can forward to your web server on an internal address. You also get some NAT ports, as the NAT designation implies, so you can run ipv4 web servers on them and it just means you have to include the port number in your urls.

    3) for Lets Encrypt use DNS verification.

    4) For MYSQL use ipv6 of course. And if Lets Encrypt can use ipv6 now that's even better: set up an AAAA record and you're on your way.

    I've been using NAT VPS for years and haven't found that stuff to present significant obstacles. It does take a little bit more knowledge so that's why I recommended against it for beginners.

    Note that NAT in practice means you don't get a dedicated ipv4 address. You do usually get plenty of dedicated ipv6 addresses and you can use those for many backend services that require dedicated IP's.

    Thanked by 3MasonR mikho AndrewL64
  • AlyssaD said: So it can't effectively host a website

    Wrong. You can host both an IPv6 site and an IPv4 site.

  • AuroraZAuroraZ Barred

    @Ole_Juul said:

    AlyssaD said: So it can't effectively host a website

    Wrong. You can host both an IPv6 site and an IPv4 site.

    Yeape sure can nginx reverse proxy works really well, Do not even need the provider to set up HA Proxy or anything.

    Nginx can even proxy DNS for you if you set it up right.

    Thanked by 1Ole_Juul
  • mikhomikho Member, Host Rep

    @AuroraZ said:

    @Ole_Juul said:

    AlyssaD said: So it can't effectively host a website

    Wrong. You can host both an IPv6 site and an IPv4 site.

    Yeape sure can nginx reverse proxy works really well, Do not even need the provider to set up HA Proxy or anything.

    Nginx can even proxy DNS for you if you set it up right.

    Not all NAT Providers handle default web ports but all LES Providers do.
    In my case I provide reverse proxy using HAProxy for both http and https traffic over ipv4.
    Enter your domain name in the control panel and setup your webserver.

  • mkshmksh Member
    edited May 2018

    @mikho said:

    @AuroraZ said:

    @Ole_Juul said:

    AlyssaD said: So it can't effectively host a website

    Wrong. You can host both an IPv6 site and an IPv4 site.

    Yeape sure can nginx reverse proxy works really well, Do not even need the provider to set up HA Proxy or anything.

    Nginx can even proxy DNS for you if you set it up right.

    >

    Not all NAT Providers handle default web ports but all LES Providers do.
    In my case I provide reverse proxy using HAProxy for both http and https traffic over ipv4.
    Enter your domain name in the control panel and setup your webserver.

    Even if the provider doesn't provide some kind of reverse proxy there is always Cloudshit. Not that i'd recommend using a MITM solution but if works is the only requirement it does the job.

    Thanked by 1Ole_Juul
  • mikhomikho Member, Host Rep

    @mksh said:
    Even if the provider doesn't provide some kind of reverse proxy there is always Cloudshit. Not that i'd recommend using a MITM solution but if works is the only requirement it does the job.

    And this.

  • This community is extremely helpful, especially w/ VPS related questions. Love it. Helps a lot!

  • @Bruce said:
    NAT VPS uses a shared IP address. non-NAT usually has a dedicated IP for your use only

    Would that work for a VPN, like if you are in a country that blocks VPN IPs? You get blocked and get a new one right away? (I have really no idea if or how that works)

  • BruceBruce Member

    in my experience with china, they scan the packet to see what the info is. so the IP address doesnt matter. changing IP would have no effect.

  • mkshmksh Member

    @dergelbe said:

    @Bruce said:
    NAT VPS uses a shared IP address. non-NAT usually has a dedicated IP for your use only

    Would that work for a VPN, like if you are in a country that blocks VPN IPs? You get blocked and get a new one right away? (I have really no idea if or how that works)

    Not sure if i understand you correctly but it seems you think NAT VPS have varying IPv4 addresses and therefore would be good to circumvent IP blocks. Sadly that's not the case. The IPv4 address is (usually) static and shared by dozens of people so you don't even have to get the IP blocked yourself since one of your neighbours probably did so already and getting other IPv4 is not possible so NAT VPS is likely to be worse than regular VPS for your use case.

    Thanked by 1dergelbe
  • @mksh said:
    Not sure if i understand you correctly

    That was exactly what I meant. Thank you! (Even though it's not the answer I wanted to hear)

  • AuroraZAuroraZ Barred

    @mikho I know you and some others have this feature, but not all Providers do this for clients. If they don't Nginx can do it, without resorting to Cloudshit. That is all I was trying to say.

  • mikhomikho Member, Host Rep

    @AuroraZ said:
    @mikho I know you and some others have this feature, but not all Providers do this for clients. If they don't Nginx can do it, without resorting to Cloudshit. That is all I was trying to say.

    I hear you. Thats why I said:


    Not all NAT Providers handle default web ports but all LES Providers do.
    In my case I provide reverse proxy using HAProxy for both http and https traffic over ipv4.
    Enter your domain name in the control panel and setup your webserver.

     
    

    I even quoted you in that post :).

    But if the Provider doesn’t forward port 80 to your NAT (or proxies it with some other software), What do you mean with ”Nginx can do it”?

    Unless you proxy it yourself from another VPS??

  • williewillie Member

    mikho said:

    But if the Provider doesn’t forward port 80 to your NAT (or proxies it with some other software), What do you mean with ”Nginx can do it”?

    I thought the suggestion was that the host could do the proxying with nginx instead of haproxy. Maybe that is easier if they're more used to nginx. I've never set up haproxy but from its docs it looked straightforward enough.

  • mikhomikho Member, Host Rep

    @willie said:

    mikho said:

    But if the Provider doesn’t forward port 80 to your NAT (or proxies it with some other software), What do you mean with ”Nginx can do it”?

    I thought the suggestion was that the host could do the proxying with nginx instead of haproxy. Maybe that is easier if they're more used to nginx. I've never set up haproxy but from its docs it looked straightforward enough.

    Whatever works for you. Thats my opinion :)

  • @willie said:

    mikho said:

    But if the Provider doesn’t forward port 80 to your NAT (or proxies it with some other software), What do you mean with ”Nginx can do it”?

    I thought the suggestion was that the host could do the proxying with nginx instead of haproxy. Maybe that is easier if they're more used to nginx. I've never set up haproxy but from its docs it looked straightforward enough.

    The only thing the host should be doing is sniproxy. Both nginx and haproxy are MITM. If it is going to be MITM I would choose Cloudflare any day over a small provider.

  • mikhomikho Member, Host Rep

    @elwebmaster said:

    @willie said:

    mikho said:

    But if the Provider doesn’t forward port 80 to your NAT (or proxies it with some other software), What do you mean with ”Nginx can do it”?

    I thought the suggestion was that the host could do the proxying with nginx instead of haproxy. Maybe that is easier if they're more used to nginx. I've never set up haproxy but from its docs it looked straightforward enough.

    The only thing the host should be doing is sniproxy. Both nginx and haproxy are MITM. If it is going to be MITM I would choose Cloudflare any day over a small provider.

    You can (and I do) achieve the same thing with haproxy.
    Check the header for the hostname and then forward the traffic untounched to the internal ip.

    That means I don’t have any client certificate, you, as customer, have to install your own certificate on your own server.

  • I believe many NAT providers do give us IPv6 addresses which we can use. Vultr in their $2.5 plan also is giving only IPv6 addresses

  • Necromancy 101

  • @seeder101 said:
    I believe many NAT providers do give us IPv6 addresses which we can use. Vultr in their $2.5 plan also is giving only IPv6 addresses

    But vultr did not provide you a 20 port IPv4, that is why they are advertised as IPv6 only VPS, not NAT VPS

Sign In or Register to comment.