Good afternoon. Sorry for my English. I will write in simple words.
I have a server with IP 178.x.x.x (nginx reverse proxy server) (real_ip_header CF-Connecting-IP;)
and I have a server with IP 170.x.x.x (main web server).
I put the following in the rules (match-set dropips src has the bad IP address (168.x.x.x), and it should be dropped):
iptables -L -n -v --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 125 6588 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set dropips src
2 5441 939K ispmgr_deny_ip all -- * * 0.0.0.0/0 0.0.0.0/0
3 5441 939K ispmgr_allow_ip all -- * * 0.0.0.0/0 0.0.0.0/0
I have the following chain:
If CloudFlare (proxy mode OFF) > 178.x.x.x (real_ip_header CF-Connecting-IP) > 170.x.x.x
iptables rule number 1 works and all is good.
===
Attention: question
I have the following chain:
CloudFlare (proxy mode ON) > 178.x.x.x (real_ip_header CF-Connecting-IP) > 170.x.x.x
In this case, my iptables rule number 1 does not work. Why?
Why does it happen? What am I doing wrong?
thx