Hi All,
I’m experiencing a really strange issue with my setup. A little bit of background information:
- My public DNS zone is managed by CF (name servers are melinda & theo)
- I have added an A record in the CF DNS management dash pointing to the public IP of the router
- I opened/forwarded port 443 only to my internal web service
- On my router I accept connections only from the Cloudflare servers (https://www.cloudflare.com/ips/)
- I'm monitoring (tcpdump) my public-facing port on the router
- Universal SSL status is active (Full mode)
The problem is:
- If the A record is proxied, there is no traffic captured at all on the WAN interface targeting port 443 (even if I try to telnet or browse to it over HTTPS). Even if the lockdown policy were incorrect on the router, I should still be able to see traffic targeting my router, but there is none. If I try to telnet/browse to my public IP on port 443, I can see traffic hitting the interface as expected (it's blocked - as it's not originating from the CF IP ranges).
- If I turn off the proxy and try the same browsing/telnet, the traffic hits the router's interface.
The conclusion is: if I enable the proxy on the mentioned A record, it doesn't seem to be forwarded to my web service's public IP.
Thank you in advance,
Pete
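A small diagnostic helper for the setup described in the post above, added here as an example; it is not Pete's code and not anything published by Cloudflare. It classifies what a hostname's A records resolve to (Cloudflare edge addresses vs the origin's own public IP), builds a tcpdump filter restricted to Cloudflare's published IPv4 ranges so an empty capture means "no edge connected" rather than "wrong filter", and audits a capture against the Cloudflare-only lockdown. The CIDR list is a snapshot of the ranges published at the URL given in the post and must be refreshed from there before use; the origin IP, resolved addresses and captured packets are constructed sample data.

```python
"""Diagnostics for a Cloudflare-proxied origin locked down to Cloudflare IPs.

Added example. The Cloudflare range list below is a snapshot of
https://www.cloudflare.com/ips-v4 (linked from the post) and must be
refreshed from that URL; all sample IPs in __main__ are constructed.
"""
import ipaddress
from typing import Dict, Iterable, List, Tuple

# Snapshot of Cloudflare's published IPv4 edge ranges (refresh from the URL above).
CLOUDFLARE_IPV4 = [
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
]
_CF_NETS = [ipaddress.ip_network(c) for c in CLOUDFLARE_IPV4]


def is_cloudflare_ip(ip: str) -> bool:
    """True if `ip` falls inside one of the published Cloudflare ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in _CF_NETS)


def classify_resolution(addrs: Iterable[str], origin_ip: str) -> str:
    """Classify the A records a hostname currently resolves to.

    'proxied' - every address is a Cloudflare edge (clients connect to the edge,
                never to origin_ip)
    'direct'  - every address is the origin's own public IP ("DNS only")
    'mixed'   - some of each (propagation in progress, or a second record)
    'unknown' - empty answer, or addresses that are neither
    """
    addrs = list(addrs)
    cf = [a for a in addrs if is_cloudflare_ip(a)]
    direct = [a for a in addrs if a == origin_ip]
    if addrs and len(cf) == len(addrs):
        return "proxied"
    if addrs and len(direct) == len(addrs):
        return "direct"
    if cf and direct:
        return "mixed"
    return "unknown"


def tcpdump_filter(port: int = 443, nets: List[str] = CLOUDFLARE_IPV4) -> str:
    """BPF expression for inbound TCP to `port` sourced from a Cloudflare range.

    Use as:  tcpdump -ni <wan-if> '<expression>'
    This isolates the edge-to-origin leg; a proxied client's own connection
    terminates at the edge and is not expected to appear on the origin's WAN.
    """
    src = " or ".join(f"src net {n}" for n in nets)
    return f"tcp dst port {port} and ({src})"


def audit_capture(packets: Iterable[Tuple[str, int]], port: int = 443) -> Dict[str, List[str]]:
    """Split captured (src_ip, dst_port) pairs aimed at `port` into those the
    Cloudflare-only lockdown admits and those it drops. Other ports are ignored."""
    admitted: List[str] = []
    dropped: List[str] = []
    for src, dport in packets:
        if dport != port:
            continue
        (admitted if is_cloudflare_ip(src) else dropped).append(src)
    return {"admitted": admitted, "dropped": dropped}


if __name__ == "__main__":
    ORIGIN = "203.0.113.10"  # constructed: documentation address standing in for the router's public IP
    # Constructed A-record answers, as `dig +short <host>` would return them.
    print(classify_resolution(["104.16.132.229", "104.16.133.229"], ORIGIN))  # proxied
    print(classify_resolution([ORIGIN], ORIGIN))                              # direct
    print(tcpdump_filter(443))
    # Constructed capture: one edge connection, one direct probe from a non-Cloudflare IP.
    print(audit_capture([("162.158.88.10", 443), ("198.51.100.7", 443), ("198.51.100.7", 80)]))
```

Run `classify_resolution` against the live answer for the hostname with the proxy on and off: the two states should come back as `proxied` and `direct` respectively. Then capture on the WAN with the `tcpdump_filter` expression while a browser loads the proxied hostname; that capture shows only the edge-to-origin leg, which is the one the Cloudflare-only lockdown must admit.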