Cloudflare private network ingress rules confusion

My overall goal:

  1. Use the dashboard to create a tunnel to host (running Windows) with a private network 10.0.0.0/8
  2. Have warp client on client machine
  3. Split tunnel to include only 10.0.0.0/8
  4. Connecting to 10.0.0.1 from the client connects to http://localhost:8080 on the host
  5. Connecting to 10.0.0.2 from the client connects to http://localhost:8081 on the host

My confusion is with the configuration of 4 and 5. I’m having a hard time parsing which information is for locally configured tunnels and which is for ones managed from the dashboard. Do I need a config file? Do I need to change the launch options in the registry key for the cloudflared service? Do I need both? Do I need neither? Or can one of the categories of “rules” in the dashboard take care of this? I couldn’t really tell whether the rule would apply after reaching the tunnel endpoint or before even getting to the tunnel.

(I obviously don’t really know what I’m doing that well, I’m just trying to replace ngrok with cloudflare tunnels, and get the same functionality as running ‘ngrok http [port]’