I’ve set up an A record for home.mydomain.com to direct to my static IP, and when I ssh to that IP from outside it works fine, but when I try to ssh to home.mydomain.com, it just hangs and does not connect. When I ping the hostname, I’m getting a response from an IPv6 address that I did not add to the DNS records.
It sounds like you have proxy enabled (orange clouded) on that record. When you have proxy enabled, Cloudflare responds with its own IPv4/IPv6 addresses to reverse proxy traffic through Cloudflare. This is how Cloudflare makes many of its features work; it makes your connection:
Client ← Cloudflare → Origin
Cloudflare’s proxy (without using something like Cloudflare Spectrum) only supports HTTP Traffic though, as otherwise, Cloudflare would need to assign each customer an IP Address or have some protocol specific way to tell which customer the connection is for, as they do with HTTP Traffic.
https://developers.cloudflare.com/fundamentals/get-started/concepts/how-cloudflare-works/
https://developers.cloudflare.com/dns/manage-dns-records/reference/proxied-dns-records/
The solution is to disable proxying (DNS-only, gray cloud) on the record, and Cloudflare will act as a normal nameserver and just return your IP address as-is, but you lose Cloudflare’s protections.
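A quick way to confirm that a record is really DNS-only before pointing ssh at it is to resolve the hostname and compare every returned address with the origin IP you configured; if anything else comes back (an A record you never set, or an AAAA record when the origin has no IPv6), the record is still being proxied. The following is an added example written for this thread, not code from Cloudflare or the original poster; the hostname and the 203.0.113.0/24, 198.51.100.0/24 and 2001:db8:: addresses are constructed documentation values.

```python
import socket
from dataclasses import dataclass, field


@dataclass
class DnsCheck:
    hostname: str
    expected_origin: str
    resolved: list = field(default_factory=list)    # (record type, address) pairs
    unexpected: list = field(default_factory=list)  # addresses that are not the origin

    @property
    def dns_only(self) -> bool:
        # Gray cloud: every address the resolver returns is the origin itself.
        return bool(self.resolved) and not self.unexpected


def resolve_all(hostname):
    """Return de-duplicated ('A' | 'AAAA', address) pairs for hostname (uses the OS resolver)."""
    seen, out = set(), []
    for family, _, _, _, sockaddr in socket.getaddrinfo(hostname, None):
        rtype = "A" if family == socket.AF_INET else "AAAA"
        pair = (rtype, sockaddr[0])
        if pair not in seen:
            seen.add(pair)
            out.append(pair)
    return out


def check_dns_only(hostname, expected_origin, resolver=resolve_all):
    """Classify hostname as DNS-only or proxied by comparing answers to the origin IP.

    resolver is injectable so the check can be run against captured answers offline.
    """
    result = DnsCheck(hostname, expected_origin)
    result.resolved = list(resolver(hostname))
    result.unexpected = [p for p in result.resolved if p[1] != expected_origin]
    return result


if __name__ == "__main__":
    # Constructed example: the hostname and origin IP are placeholders.
    r = check_dns_only("home.mydomain.com", "203.0.113.10")
    print("DNS-only" if r.dns_only else "still proxied:", r.unexpected)
```

A result with `dns_only == False` means non-HTTP connections to that hostname will be answered by the proxy rather than your origin, which is exactly the hang described above.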
Thank you, that fixed the issue. I set up another hostname that I will use for non-HTTP traffic so I can keep Cloudflare’s proxy on the HTTP servers.
Not sure if doing so is much point though, as a potential DDoS attack could be directed to the DNS-only hostname instead of the proxied hostname - if the attacker knows the hostname, that is. Of course, obscurity is not security, but at least I’ve made an attempt…
You can always use a different domain for your hostnames. Cloudflare Access may also be an option depending on your requirements.