Creating CNAME using cloudflared

I’m on the second to last step in creating my first tunnel. The syntax in the command is as follows:
$ cloudflared tunnel route ip add <IP/CIDR>
Can someone enlighten me as to where I would find the IP/CIDR to input into this field? And I assume the the being referenced to would be either my application name or subdomain?
I tried to go back to the page where I was trying to create the tunnel but now it’s just showing me an inactive entry?


Correction: cloudflared tunnel route ip add <IP/CIDR> name id or name

If you are using AWS, that would be in the subnet of the EC2 instance.

Thank you for the response, I do appreciate it but unfortunately that still leaves me in the dark.
I don’t use AWS, am I supposed to get this info from a third party? Like my registrar or where my domain is being hosted? Sorry if the questions seem so basic but I’m new to this tunnel thing and am trying to learn as I go. I’ve spent the better part of two days reading on Cloudflare tutorials but some details are still elusive to me.


May I know where your application is hosted or who your cloud provider is?

I’ve never used Route. I have running tunnels, then create an Ingress Rules file, much like the one in the documentation:

Instead of using cloudflared to create my CNAME record, I add it manually, like with a target of

I signed up a free account with Cloudflare.

But who is your cloud provider, or where is the application hosted?

Oh, sorry, misunderstood. I might as well tell the whole story here while I’m at it. Forgive me if this becomes too long of a post.
I live in a very rural area in New Brunswick, Canada where our Internet has been absolutely terrible for years now and I’m running a small Computer repair shop/IT consulting business. Recently updated my Internet to Starlink knowing that they used CGNAT and that Port Forwarding through my router at the shop wouldn’t work for my internal NAS but thought I’d be able to create a workaround using Cloudflared tunneling service which apparently others have been able to do.
So to answer your question, the application/service I’m trying to set up is my NAS at my shop, which I need to make available via the Internet, hopefully using my subdomain to connect to from outside the shop from different locations.

Hopefully this clears things up. And thanks for the response.

You should definitely look at this guide from team’s


Also, I don’t know much about the CIDR if you are in a LAN, but definitely give it a shot.

First find the private IP of your network.
Private IP ranges are reserved, so it will be one of this list

This is your CIDR; then add a route using this command

I will definitely look at the tutorial, thanks.
I already have a private IP statically assigned to the NAS server on my LAN.

I’ve decided to start from scratch and created my tunnel. I’m now on step 5: Create a configuration file
Should I use the supplied parameters for application or network? And if application, do I edit the localhost:8000 to my private IP and port number I have assigned to the NAS?

Much appreciating the help, thanks.

Localhost is fine; change to the port on which the NAS is listening.

cloudflared tunnel route dns NAS
Failed to add route: code: 1003, reason: An A, AAAA or CNAME record already exists with that host.

Do I now need to delete my DNS entries?

Delete your old DNS record.

Connection was established, I was able to browse my subdomain and was greeted by my Cloudflare login, which sent me a one-time pin which I entered. At this point I’m getting Error 502 Bad Gateway. In console, I’m getting: error="unable to reach the origin service. The service may be down or is not responding to traffic from cloudflared: dial tcp [::1]:8080: connectex: No connection could be made because the target machine actively refused it." cfRay=6ab12eb5bec93348-EWR originService=http://localhost:

I’m certainly making progress but not sure where to go from here.

Make sure your NAS is working on port 8080.

But in my .yaml file I have the url set to http://localhost:5001?

Set it to the port on which the NAS is listening.

So my NAS has a private IP of 192.168.0.XXX and is listening on port 5001. Should my .yaml file contain the same info? Do I need to restart the tunnel connection for changes to take effect?

My NAS server does contain a section under networking where I can add Trusted Proxies in the form of CIDR. Maybe this is where the connection is being refused?

What is it you’re trying to do? I thought all you were trying to do was add a DNS entry for your tunnel.

I’m also concerned about this:

Are you expecting much traffic? Or is this just for occasional light use for when you’re away from your shop and need access to your data?

:orange: Proxied hostnames are supposed to be used for website traffic, so a lot of non-website traffic may get you into trouble.
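
A reachability check for the 502 discussed in this thread, added here as an example and not code from any poster or from Cloudflare: run on the machine where cloudflared runs, it dials each ingress `service` over TCP, so a "refused" result corresponds to the `dial tcp [::1]:8080` error quoted above. The rule list, the hostname `nas.example.com` and the function names are assumptions made for the example.

```python
import socket
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample mirroring the ingress section of a cloudflared config.yml.
# nas.example.com is a placeholder hostname, not a value from the thread.
SAMPLE_RULES = [
    {"hostname": "nas.example.com", "service": "http://localhost:5001"},
    {"service": "http_status:404"},  # catch-all rule, no TCP origin behind it
]


def origin_endpoint(service):
    """Return (host, port) for an http(s) service URL, else None."""
    parts = urlsplit(service)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # e.g. http_status:404 has no origin to dial
    return parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme]


def probe(host, port, timeout=2.0):
    """Attempt a TCP connect to the origin and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "reachable"
    except ConnectionRefusedError:
        return "refused"  # host answered, but nothing listens on that port
    except socket.timeout:
        return "timeout"  # no answer at all: wrong IP or a firewall drop
    except OSError as exc:
        return f"error: {exc}"


def check_ingress(rules):
    """Map each rule's service string to its probe result."""
    results = {}
    for rule in rules:
        endpoint = origin_endpoint(rule["service"])
        results[rule["service"]] = (
            probe(*endpoint) if endpoint else "skipped (no TCP origin)"
        )
    return results


if __name__ == "__main__":
    for service, status in check_ingress(SAMPLE_RULES).items():
        print(f"{service}: {status}")
```

A "refused" result for the configured service means nothing is listening at that address and port as seen from the cloudflared host, which is the condition behind the 502.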