Cloudflared Tunnel With Drop As Default Policy

Hello, I was wondering how to get cloudflared to work with Linodes firewall when Drop is the Default selection. I get a Argo Tunnel Error when using Drop as default even with port 80 and 443 open.

1 Reply

I found some Cloudflare documentation for using a tunnel with a firewall that suggests you'll need to allow outbound traffic to certain destinations on port 7844. You can find that list right here.

Our Cloud Firewalls use IPs for destinations not URLs, which is what they provide. But you can figure out a way to use that information with our firewalls. For example, I used one of the endpoints they provided to get a list of IP addresses:

dig +short region1.v2.argotunnel.com
198.41.192.167
198.41.192.47
198.41.192.7
198.41.192.67
198.41.192.107
198.41.192.27
198.41.192.37
198.41.192.57
198.41.192.77
198.41.192.227

Since they all start with 198.41.192, I then used a cidr notation calculator to figure out the range, which I think would look like this:

198.41.192.0/24

If you allow access to that range in Cloud Manager (along with any IPs or ranges for the other destinations listed) you should be able to use use the tunnel without those errors. Keep in mind that the IPs of those destinations could change in the future and you may need to update your firewalls accordingly.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct