Spectrum testing

Hi everyone,

Is there a way to test Spectrum and ensure my application is working as intended?

Documentation states I can see traffic from Spectrum in the dashboard??

Are you an enterprise customer?

Currently just on the pro plan.

I wouldn’t advise using Spectrum at all; Spectrum on the Pro and Business packages is more of a trial than something you should rely on.

You can create an application and see if it works (Minecraft, SSH, or RDP); however, you won’t have much more analytics or feedback from Cloudflare in plans that aren’t on the enterprise program.

Thanks for the reply!

So there is no way for me to see traffic on Spectrum?

I set up a SSH application and I just want to see the traffic for the IP address.

I noticed the Spectrum menu shows connections, ingress, & egress but it’s not updating even when I SSH into the virtual machine myself.

The Manage Applications page should show current connections.

If you want to verify that your SSH traffic is proxied when connecting though, in PuTTY, I’ll see the *.pacloudflare.com hostname in the title bar. You can also do a traceroute to your spectrum hostname and it should resolve to a *.pacloudflare.com hostname.

2 Likes

Hi Jwds1978,

I have a dumb question so apologies.

Traditionally, I know Spectrum is set up as the “main” A record for an application (ex. virtual machine) as it creates a new DNS record with an IP address attached for proxying.

Currently, I have my Spectrum app utilizing a different hostname.

Main A Record - virtual-machine-example
Spectrum App - virtual-machine-example-ssh

I did this so I wouldn’t run into the issue of a duplicate DNS record error. Is this workaround actually proxying my SSH connections to my virtual machine?

I ran traceroute for both records stated above and the Spectrum app resolves to a *.pacloudflare.com, but the main A record doesn’t. It resolves to my cloud provider.

The Spectrum application will be a CNAME to pacloudflare.com, whereas regular DNS records you proxy (orange-cloud) through Cloudflare won’t be. They’ll be however you configure them.

How Cloudflare works · Cloudflare Fundamentals docs

With that said, do both virtual-machine-example.example.net and virtual-machine-example-ssh.example.net ultimately go to the same origin IP? If so, you’d likely want to ensure that your other DNS records pointing to the same IP are proxied (orange-clouded). Otherwise, your origin IP will be exposed, and one could connect directly to your server, bypassing Cloudflare/Spectrum.

If you’re able, depending on your level of access to the server, set your server to only allow connections from Cloudflare IP ranges. Unless, of course, you need to leave ingress open to other IPs outside of Cloudflare for whatever reason.