Question of understanding on network connectivity of cloudflared

Just a question of understanding.

I have a domain “sometestsite.com” setup on Cloudflare DNS.
Let’s say, I install cloudflared locally on a machine with the IP 192.168.10.10.
The machine running cloudflared has access to another network 192.168.20.0/24 through its default gateway at 192.168.10.1.

Question 1:
If I create an application on the above zero trust tunnel, that points i.e. https://server.sometestsite.com to http://192.168.20.99, would that still work?
(cloudflared and the destination is not on the same network)

Question 2:
If the answer to Question 1 is yes, I would see HTTPS traffic on the gateway 192.168.10.1 originating from 192.168.10.10 towards 192.168.20.99 and could apply some firewall rules to block all other traffic except that one. Is that correct?

Question 3:
Let’s say I have a stone-age web application that is not secure anymore (developer not available anymore, old unsupported Linux, unsupported PHP, etc… you name it) and I need to have it still running for a while. Suppose I cannot change anything on the oldish web configuration without breaking it, and the website is currently still available on the WAN IP 55.66.77.88.
Could I create an application that points to https://55.66.77.88, using the same tunnel as above?
I would make sure that the machine 192.168.10.10 could reach 55.66.77.88 of course.
Would that scenario work?

Thanks
Dan

(FYI: I’ve added another question on Cloudflare tunnel together with WAF to mitigate the risks… )

Assuming that subnet is accessible from that machine… yes.

Assuming you wanted no other machine on the 10.1 subnet to be able to communicate with that machine… yes.

Yes, but the restrictions on accessing the public IP 55.66.77.88 would be done to whatever the egress IP would be for the machine on 192.168.10.10 when accessing the public Internets.
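
The setup from Questions 1 and 3 written as a locally managed cloudflared `config.yml`, added here as an example and not part of the original posts. The tunnel ID, credentials path and the hostname `legacy.sometestsite.com` are placeholders; if the tunnel is managed from the Zero Trust dashboard instead, the same hostname-to-service mapping is entered there.

```yaml
# Example config.yml for cloudflared running on 192.168.10.10 (added example).
tunnel: <TUNNEL-UUID>                                  # placeholder
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json  # placeholder path

ingress:
  # Question 1: the origin sits in 192.168.20.0/24 and is reached through the
  # default gateway 192.168.10.1. cloudflared only needs a working route.
  # The service URL is http://, so the gateway sees plain HTTP (TCP/80)
  # from 192.168.10.10 to 192.168.20.99; TLS ends at Cloudflare's edge.
  - hostname: server.sometestsite.com
    service: http://192.168.20.99

  # Question 3: the origin is the public IP 55.66.77.88. cloudflared reaches
  # it over the Internet, so the firewall in front of 55.66.77.88 should
  # allow only the egress (NAT) IP used by 192.168.10.10.
  - hostname: legacy.sometestsite.com        # hypothetical hostname
    service: https://55.66.77.88
    originRequest:
      # Assumption: the origin certificate is issued for a hostname, not the
      # bare IP, so tell cloudflared which name to expect in the certificate.
      originServerName: legacy.sometestsite.com

  # Mandatory catch-all: requests for any other hostname get a 404.
  - service: http_status:404

# Firewall note for 192.168.10.1: besides the origin traffic above, the
# host must keep its outbound connections to Cloudflare on port 7844
# (TCP/UDP), otherwise the tunnel itself cannot come up.
```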

@cscharff , thanks for the quick answer.
I was not sure, but you confirmed my assumptions.
Of course the FW rules would be set on the egress IP of 192.168.10.10, you are right.
Many Thanks
Dan

No worries, I’ve supported a number of applications similar to the one you described in previous lives. 👴 🙂