IP ranges of Cloudflare - I only need 1 range - Port Forwarding

user13201 · February 14, 2022, 5:53am

Hi, I’m setting up Cloudflare Access for accessing an internal web resource.

I have everything figured out (DNS records and CF Access), except that I need a single, specific IP range to “declare” in my Router, in which I’m setting the port forwarding rule, but CF provides several.

I’m aware of the IP ranges that Cloudflare provides at https://www.cloudflare.com/ips/, but I can only give 1 range to my router. I have tried allowing the first 2 /22 blocks on the list, and there’s no connection yet, but there may be a better way to accomplish this (Even if I get one block right it may change sometime soon).

I’m having Cloudflared as an option, but I still want to do it this way bc in the future I’ll be doing L7 Load Balancing inside this network so I’d like to stick with CF access to keep things easy.

Another way would be to put a custom router in my DMZ but I’d still love to keep things simple.

user13201 · February 14, 2022, 6:02am

Another way of figuring this out would be to “catching” the IP that Cloudflare would use with CF Access to hit my website, but it may be the same problem (If I allow that IP, it will change somewhat randomly in the future)

fritex · February 14, 2022, 5:24pm

Greetings,

Thank you for asking.

In terms of a supported and compatible ports with Cloudflare proxy mode , kindly I’d suggest you to check the below article and re-configure your web app/service to work over the one which is listed:

https://developers.cloudflare.com/fundamentals/get-started/network-ports

Can you change the port which your app is using to the one which is on the list of supported and compatible ones with Cloudflare proxy mode ?

If not, you can switch your hostname to (DNS-only) and it would work normally.

Otherwise, you can switch your DNS record (hostname) to (DNS-only) and it would work.

There is a feature called Cloudflare Spectrum, but it costs and requires higher paid plans to use more ports than usually supported. If interested, please check the link from below:

https://developers.cloudflare.com/spectrum/protocols-per-plan

Official product webpage:

I am not familiar and experienced a lot with this, neither haven’t tried the Load Balancing feature at Cloudflare yet.

Kindly and patiently wait for another reply.

user13201 · February 14, 2022, 7:26pm

Hi. I have no problem with ports or DNS. I’d like to allow only CF IP addresses to my network, but my router’s rules only allow for 1 IP range or CIDR block and Cloudflare gives you a big list of them

cscharff · February 14, 2022, 7:29pm

Buy a better router or use Cloudflare tunnels.

user13201 · February 14, 2022, 7:30pm

I’m trying to avoid that, but I guess you’re right, I may need to take extra steps to accomplish this

cscharff · February 14, 2022, 10:38pm

Or configure your origin server to understand x-forwarded-for or a custom header you insert into requests.

user13201 · February 16, 2022, 3:25am

Thank you, I solved this beautifully with cloudflared. It works like a charm, and it actually works better than what I initially intended to do!

system · March 3, 2022, 3:26am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.