The issue with TCP tunnel on a non-standard port

Hello to everyone,
I am new to Cloudflare and this is my first post so don’t be too hard on me :slight_smile:

I have a server named: good.server.com. On this server, I have run an application that is waiting for clients on TCP port 35510. So client1 is connecting to tcp://good.server.com:35510 directly. But what I want is to avoid a direct connection to the server (there are lots of reasons, but this time let’s just say I don’t want to expose my server IP).

So I moved my DNS to Cloudflare, then I created a tunnel with Cloudflare ZeroTrust. The tunnel has started with no problem (the web server works through this tunnel without issues). Then I added a public hostname cloud.server.com that points to tcp://localhost:35510.

And now, client2 is trying to connect to tcp://cloud.server.com:35510 but each time I am receiving the error message: “timeout”.

I tried to set up firewall rules (Zero Trust → Gateway → Firewall Policies → Network) to allow port 35510 and to enable Zero Trust → Settings → Firewall → Proxy = Enabled.
But no changes were observed. Still: timeout.

Please help me to solve this problem.

Thanks :slight_smile:

And take a look at my drawing. It should be more or less self-explanatory.

Hello Darius,

I wonder if you may have missed configuring cloudflared on your client machine, client2, as well. When using cloudflared tunnels for non-HTTP(S) connections, the client machine needs cloudflared as well as the server.

Please, review this [quick guide](https://developers.cloudflare.com/cloudflare-one/applications/non-http/arbitrary-tcp/)

Make sure you follow the steps on the “Connect from a client machine” section.

Thank you. Please let us know if this helps.
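For reference, this is what the server half of that setup looks like as a cloudflared ingress config. It is an added example, not from the linked guide or anyone in this thread; the tunnel UUID, credentials path and the web server's hostname are placeholders or assumptions, while cloud.server.com and port 35510 are the values described above.

```yaml
# Server side (good.server.com): /etc/cloudflared/config.yml, added example.
# <TUNNEL-UUID> and the credentials path are placeholders.
tunnel: <TUNNEL-UUID>
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json

ingress:
  # The web server that already works through the tunnel (hostname assumed).
  - hostname: www.server.com
    service: http://localhost:80
  # The raw TCP service on the non-standard port. It is only reachable
  # through cloudflared on the client side; Cloudflare does not expose
  # a public TCP listener on 35510 for this hostname.
  - hostname: cloud.server.com
    service: tcp://localhost:35510
  # A catch-all rule must be the last entry.
  - service: http_status:404
```

The matching client half on client2 is `cloudflared access tcp --hostname cloud.server.com --url localhost:35510`, after which the application connects to tcp://localhost:35510 instead of cloud.server.com:35510. Connecting straight to cloud.server.com:35510 without that local cloudflared is what produces the timeout.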

Thanks, Diego, for the suggestion.

The problem is that the clients are IoT low-power devices and I can’t install any software on them. So my thought was to use a tunnel and pass data through a proxy (on the public hostname tcp://cloud.server.com:35510) on Cloudflare. I tried a similar approach with an HTTP-based protocol and it worked, but these clients support only TCP (raw binary content) and only work with port 35510.