Cloudflare IP Address is out of /ips/ scope

I have an issue related to the IP address used by Cloudflare. When I request my domain (Cloudflare proxy is on), the actual connection to my server happens from IP 185.2.168.3, which is out of the Cloudflare IPs scope.

PS: I am connecting to the DirectAdmin control panel, which is on port 2083, which is supported by Cloudflare.

Doesn’t look like a Cloudflare IP to me. Cloudflare has tons of IP addresses.

Yes, but you are supposed to know them to set up whitelists properly.
Also, in addition to that, such connections don’t forward the original visitor IP for some reason.

I can add that when I blacklist this IP, I get a connection timeout error from Cloudflare. When I disable the Cloudflare proxy, I have the correct IP logged. So I have no doubt that the specified IP is used by Cloudflare.

Have 72 hours passed, and can I finally get some @MoreHelp? Ticket ID is 2257571.

Actually, not yet :wink:

It has been a week. I have neither replies here nor to my ticket. What should my next actions be?
Thanks.

As I’ve already mentioned, I am 100% sure that this address is used by Cloudflare. It is not even a question. I used different techniques (mentioned above and some more) to make sure.

A few services report this IP as a proxy or bad reputation IP.

Are you absolutely sure that you have not changed your hosts file for testing directly to the server and tried to access the server while using a VPN?

Yes, I am 100% sure that Cloudflare uses it for 2083 port (usually used for cPanel) connections.

Also, byethost (IP user) is a very big webhosting provider that uses cPanel. And I don’t know why Cloudflare uses their servers to proxy connections to 2083 port, but I want to know, so I am here.

@MoreHelp It has been almost 2 weeks. I have neither replies here nor to my ticket yet. Thanks.

How are you recording where the actual connection comes from?

The IP is actually registered by Wildcard Networks (AS34119) and assigned to IfastNet in Newcastle. It looks like it’s nested hosting providers. Who is your hosting provider?

It doesn’t matter. I tried different options. The most accurate way that I tried is using csf (iptables logs). But the webserver access log shows the same IP anyway.

I wouldn’t like to say the provider publicly here (I could DM you if private messages work), but AS34119 has nothing in common with my provider or my provider’s AS. I should have incoming connections from Cloudflare AS13335, which I have in my upstream (Cloudflare is peering in the same DC).

It’s been almost 1 month since I started this topic. And it has been 10 days since I received the first reply to my ticket and replied back. The issue is still not fixed.

Meanwhile, I made an additional test deploying nginx (listening 2083 port) on GCP node (Belgium DC) and it receives requests from the same IP 185.2.168.3 when Cloudflare proxy is ON.

By the way, anyone here can make the same test if you doubt that I can log IPs properly.

@MoreHelp after more than a month, no more replies here or to my ticket… How long may it take for support to actually review the issue?

This isn’t something that Cloudflare can troubleshoot from their end. You’re going to have to inspect TCP connections at your server, then work your way back to find out why it’s not seeing a connection by one of Cloudflare’s IP addresses.

That’s not necessarily true. If you have a middle box, but your server blocks the middlebox, Cloudflare is going to see it as a timeout.

Please, read my post carefully:

Meanwhile, I made an additional test deploying nginx (listening 2083 port) on GCP node (Belgium DC) and it receives requests from the same IP 185.2.168.3 when Cloudflare proxy is ON.

By the way, anyone here can make the same test if you doubt that I can log IPs properly.

Initially I had the issue with a completely different web application on a completely different service provider. But no matter what, at least in the case of an EU location, the connection on port 2083 always comes from Cloudflare with IP 185.2.168.3.

Sorry, but I just can’t replicate this. The closest server I can deploy is Paris:

Unfortunately, I don’t have a Vultr account to test it on the same server as you, and it’s farther away from the initial server I experience the issue with. The Belgium DC I used for a test is closer.

How did you log IPs here? The last time, I used the nginx access log for it. It would be better to use the same way to log IPs at least.

tcpdump -i any port 2083

and then I just let it run.

Could you let me send an image to you directly with my results of tcpdump on a brand new CentOS 7 node on GCP, in a clean project, where you can see the issue that I just reproduced again?

Also, I tried to deploy a node in a different region, but otherwise exactly the same and in the same GCP project, and in this case I have incoming connections from IPs that belong to Cloudflare. So you have to deploy your node closer to reproduce my issue. By the way, you can easily do it on GCP with a trial account if you still don’t believe that the issue is on Cloudflare’s side.
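
The check this thread keeps returning to, as an added example that is not from any poster here: parse `tcpdump -n -i any port 2083` output and split the inbound source addresses by whether they fall inside Cloudflare's published IPv4 ranges. Assumptions: the range list is a snapshot that should be refreshed from https://www.cloudflare.com/ips/ before it backs a whitelist, the capture lines are constructed, 203.0.113.10 stands in for the origin server, and IPv6 is not handled.

```python
import ipaddress
import re
from collections import Counter

# Snapshot of Cloudflare's published IPv4 ranges (assumption: refresh from
# https://www.cloudflare.com/ips/ before relying on it for a whitelist).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

# Finds "IP src.sport > dst.dport:" in `tcpdump -n` output. With `-i any`,
# newer tcpdump builds prefix interface and direction, so search, not match.
PKT = re.compile(r"\bIP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")

def in_cloudflare(ip):
    """True if the IPv4 address is inside one of the snapshot ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)

def classify_sources(lines, port=2083):
    """Count inbound packets to `port` per source IP, split by range membership."""
    inside, outside = Counter(), Counter()
    for line in lines:
        m = PKT.search(line)
        if not m or int(m.group(4)) != port:
            continue  # not IPv4, or reply traffic leaving the server
        src = m.group(1)
        (inside if in_cloudflare(src) else outside)[src] += 1
    return inside, outside

# Constructed capture lines, in both the plain and the `-i any` layouts.
SAMPLE = """\
10:01:02.000001 IP 185.2.168.3.40112 > 203.0.113.10.2083: Flags [S], seq 1, win 64240, length 0
10:01:02.000050 IP 203.0.113.10.2083 > 185.2.168.3.40112: Flags [S.], seq 9, ack 2, win 65160, length 0
10:01:03.100000 eth0  In  IP 162.158.90.7.51820 > 203.0.113.10.2083: Flags [S], seq 5, win 64240, length 0
10:01:04.200000 IP 185.2.168.3.40113 > 203.0.113.10.2083: Flags [S], seq 7, win 64240, length 0
""".splitlines()

if __name__ == "__main__":
    inside, outside = classify_sources(SAMPLE)
    print("inside published ranges: ", dict(inside))
    print("outside published ranges:", dict(outside))
```

Running tcpdump with `-n` matters here: without it, addresses may be printed as reverse-DNS names and the range check has nothing to compare.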