Firewall not getting any requests from Cloudflare

Hi, I am trying to set up Cloudflare DNS with pfSense+HAProxy.

My pfSense firewall is listening on port 443 for HAProxy. I have also set up Cloudflare DNS and created a subdomain which points to my public IP.

When I try to ping the URL, the request comes to my pfSense firewall. But when I try to access the URL in my browser, the request times out if the DNS proxy is disabled and I get Error 523 if the DNS proxy is enabled. I am sure the firewall is working well, as I can see the logs of requests coming in for ICMP. But I don't see any logs for TCP port 443 in my firewall logs. That means the requests are not reaching my pfSense firewall at all.

Can someone help?


I have a valid certificate on my server and I am using:

  1. SSL/TLS encryption mode is Full (strict)
  2. Always Use HTTPS → Enabled
  3. Opportunistic Encryption → Enabled
  4. TLS 1.3 → Enabled
  5. Automatic HTTPS Rewrites → Enabled

I just don't know why pinging python.<domain> works and I see logs in my firewall, but none of the HTTPS requests reach my firewall.

Firewall logs for TCP

When I try to access the URL in the browser without Cloudflare Proxy, I get

With Cloudflare Proxy, I get
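The symptom in the post (ICMP reaches pfSense, TCP 443 never shows up in the firewall log, Cloudflare returns a 523, which is its "origin is unreachable" error) is the usual signature of a packet being dropped before the HAProxy listener, most often because no WAN firewall rule passes TCP 443 to the frontend (the pfSense HAProxy package binds the port but does not create the pass rule for you). The script below is an added triage example, not code from the original post or from Cloudflare/pfSense/HAProxy: it resolves the hostname to see whether DNS currently points at the origin or at the proxy, then opens a TCP connection straight to the origin IP and completes a TLS handshake with SNI, and maps the failure mode to the next thing to check. The hostname `python.example.invalid`, the IPs `192.0.2.10` and `203.0.113.5`, and the `connect`/`probe`/`addresses` injection parameters are assumptions made for this example. Run it from a host outside your own network; testing from inside the LAN goes through NAT reflection and proves nothing about the WAN rule.

```python
"""Origin reachability triage for a Cloudflare-fronted host (added example)."""
import socket
import ssl
import sys

# Next step for each probe outcome; keyed by the strings probe_origin() returns.
NEXT_STEP = {
    "timeout": "SYN dropped before the listener: add/verify a WAN pass rule for "
               "TCP 443 to the HAProxy frontend, check port forwards, and check "
               "whether the ISP blocks inbound 443 (matches a Cloudflare 523).",
    "refused": "Host reachable but nothing listens on 443: HAProxy frontend is "
               "not bound to the WAN address or the service is down.",
    "unreachable": "No route to the origin IP: check the public IP in DNS and "
                   "upstream routing.",
    "tls_error": "TCP works but TLS fails: certificate, SNI or protocol mismatch "
                 "on the origin (Full (strict) will reject this as 526, not 523).",
    "ok": "Origin is fine from the outside; look at Cloudflare settings instead.",
}


def resolve(host):
    """Return the set of addresses public DNS currently gives for host."""
    return {info[4][0]
            for info in socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)}


def probe_origin(host, ip, port=443, timeout=5, connect=socket.create_connection):
    """TCP-connect to ip:port, then complete a TLS handshake with SNI=host.

    Returns 'timeout', 'refused', 'unreachable', 'tls_error' or 'ok'.
    `connect` is injectable so the failure paths can be exercised offline.
    """
    try:
        raw = connect((ip, port), timeout=timeout)
    except socket.timeout:            # no SYN-ACK at all: dropped in transit
        return "timeout"
    except ConnectionRefusedError:    # RST came back: host up, port closed
        return "refused"
    except OSError:                   # no route / network unreachable
        return "unreachable"
    try:
        with raw:
            raw.settimeout(timeout)
            # Default context verifies the chain and the hostname, i.e. the same
            # bar Cloudflare's Full (strict) mode applies to the origin cert.
            ctx = ssl.create_default_context()
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"
    except (ssl.SSLError, OSError):   # handshake failed or connection dropped
        return "tls_error"


def triage(host, origin_ip, addresses=None, probe=probe_origin):
    """Combine DNS view and direct origin probe into a small report dict."""
    addrs = set(addresses) if addresses is not None else resolve(host)
    # When the orange cloud is on, the name resolves to Cloudflare edge IPs,
    # not to the origin, so a direct probe of origin_ip is the only honest test.
    proxied = origin_ip not in addrs
    result = probe(host, origin_ip)
    return {"proxied": proxied, "origin_probe": result,
            "next_step": NEXT_STEP[result]}


if __name__ == "__main__":
    # usage: python3 triage.py python.example.invalid 192.0.2.10
    name, origin = sys.argv[1], sys.argv[2]
    for key, value in triage(name, origin).items():
        print(f"{key}: {value}")
```

The distinction the script makes is the one that matters for this thread: a `timeout` means the SYN never got an answer, which is exactly what "no TCP 443 in the firewall log" plus a 523 looks like, whereas `refused` or `tls_error` would prove the packet did reach pfSense and the problem is behind it.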

You have already diagnosed that the reason Cloudflare cannot connect to your origin server is due to your origin server timing out. You will need to fix that before you have something that the Cloudflare Community can assist you with.

I suggest the Netgate forum or perhaps the Networking & Firewall category of the Lawrence Systems forum. We’ll be here to answer any questions about Cloudflare after you figure out how to fix your origin server.

