Is is possible to bypass NATed/CGNAT environments using cloudflare workers?

Hi guys,

I have a raspberry pi running Nextcloud at home, unfortunately its behind my ISP NAT which doesn’t allow me to connect to it from outside. I was planning on getting a VPS that runs a VPN which will forward all traffic to my PI.


  1. Can Cloudflare workers be used to ‘punch holes’ though a CG-NAT? (ex. My pi will keep a connection open with a worker and prevent it from being terminated by router NAT, this can be done by pinging/sending heartbeat signals to it several times a minute. The worker will listen it its routes and send all incoming traffic to it to the pi.

  2. Can someone explain me the concept of ‘compute time’ a little better? On workers unlimited I get 50ms for CPU compute time, what does exactly does compute mean in this case? If I am making a subrequest to some other API somewhere, is the clock still running while that resolves?

  3. How long can a data be streamed over cloudflare workers? (Suppose I have simple worker logic that authenticates with an s3 endpoint and provides user with a 2GB file. The route looks like S3–>Cloudflare Worker Edge–> Client) How long before cloudflare will cut my connection are there any limits?

Note: I am aware that (cloudflared) Argo tunnel can be used for routing behind a NAT, but I am just checking if there any hack to pull with NAT and serverless. :slight_smile:

No, I don’t think Workers would help for this. You need to find a way to open your origin so that it is reachable from the Cloudflare edge (Workers and otherwise). As an alternative, you may wish to try running an Argo Tunnel on your NATed/CGNATed origin server. This would open up a tunnel between your origin and the Cloudflare edge, which would hopefully bypass any NAT/CGNAT issues.

As for your questions about usage limits for Workers, it would probably be best to open a support ticket with the Cloudflare Support Team so that can give you an answer on that.

1 Like