Look at the section "Creating NAT pinholes to any internal IP using the H.323 ALG" for example.
This is using a bug ("feature") that your CGNAT may have implemented (depending on the brand of CGNAT used). Fairly likely that one of those NAT slipstreaming vectors will allow you to punch a hole through it.
Is this reliable enough to actually use for self hosting stuff? Probably not. If you do, tell me :)
Edit: even the oldest versions of this technique (https://samy.pl/natpin/) may work for you. Depends if you're lucky. You don't need any of the exploit details that make this into an attack, only the basic concept of using NAT ALGs for unintended purposes.
Look at this security research about bypassing NATs: https://www.armis.com/research/nat-slipstreaming-v20/
Look at the section "Creating NAT pinholes to any internal IP using the H.323 ALG" for example.
This is using a bug ("feature") that your CGNAT may have implemented (depending on the brand of CGNAT used). Fairly likely that one of those NAT slipstreaming vectors will allow you to punch a hole through it.
Is this reliable enough to actually use for self hosting stuff? Probably not. If you do, tell me :)
Edit: even the oldest versions of this technique (https://samy.pl/natpin/) may work for you. Depends if you're lucky. You don't need any of the exploit details that make this into an attack, only the basic concept of using NAT ALGs for unintended purposes.