I have an issue related to IP address used by Cloudflare. When I request my domain (cloudflare proxy is on) the actual connection to my server happens from IP 22.214.171.124 that is out of Cloudflare IPs scope.
PS I am connecting to DirectAdmin control panel that is on 2083 port which is supported by Cloudflare.
Yes, but you suppose to know them, to setup whitelists properly.
Also, in addition to that, such connections don’t forward original visitor IP for some reason.
I can add, that when I blacklist this IP, I have a timeout connection error from Cloudflare. When I disable Cloudflare proxy I have a correct IP logged. So I have no doubt that the specified IP is used by Cloudflare.
It doesn’t matter. I tried different options. The most accurate way that I tried is using csf (iptables logs). But the webserver access log shows the same IP anyway.
I wouldn’t like to say the provider publicly here (I could dm you if private messages work), but AS34119 has nothing in common with my provider or my provider’s AS. I should have incoming connections from cloudflare AS13335 which I have in my upstream (Cloudflare is peering in the same DC).
This isn’t something that Cloudflare can troubleshoot from their end. You’re going to have to inspect TCP connections at your server, then work your way back to find out why it’s not seeing a connection by one of Cloudflare’s IP addresses.
That’s not necessarily true. If you have a middle box, but your server blocks the middlebox, Cloudflare is going to see it as a timeout.
Meanwhile, I made an additional test deploying nginx (listening 2083 port) on GCP node (Belgium DC) and it receives requests from the same IP 126.96.36.199 when Cloudflare proxy is ON.
By the way, anyone here can make the same test if you doubt that I can log IPs properly.
Initially I had the issue with a completely different web application on a completely different service provider. But doesn’t matter what - at least in case of EU location the connection on 2083 port always comes from Cloudflare with IP: 188.8.131.52
Could you let me send an image to you directly with my results of tcpdump on a brand new CentOs 7 node on GCP on a clean project where you can see the issue that I just reproduced again.
Also I tried to deploy a node in a different region, but exactly the same in the same GCP project and in this case I have incoming connections from IPs that belong to Cloudflare. So you have to deploy your node closer to reproduce my issue. By the way, you can easily do it on GCP with a trial account if you still don’t believe that the issue is on Cloudflare side.