I set up Zero Trust with a tunnel to my Proxmox server, reachable by a public hostname. I am able to reach the host when I connect to the WARP client, which seems right by my rules; however, within Proxmox my firewall rules only allow 2 IP addresses to access the GUI. How is any device from any location using WARP able to bypass those firewall rules? This is not an issue, as it is behaving how I want it to. I just want to understand why. Thank you.
Please find a detailed explanation of how a Cloudflare Tunnel works below.
The tl;dr is that users don’t connect directly to your Proxmox server: they only connect to Cloudflare’s network, while cloudflared makes an outbound-only connection from your Proxmox server to Cloudflare.
I ran "netstat -tnp | grep :8006" in my Proxmox shell and saw the cloudflared tunnel, which stated my own server's IP address : random port → Server IP : port 8006.
So the reason the firewall was bypassed is because the tunnel made the traffic look like it originated at the source. Does this sound right?
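An added example (not part of the thread and not Cloudflare or Proxmox tooling): a shell function that reads `netstat -tnp` output and reports, for each connection accepted on port 8006, whether the peer address is the host itself, as with the cloudflared connection described above, or a remote client. The function name, sample lines and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: show which source address the Proxmox GUI (port 8006)
# actually sees for each established connection.
# Input : `netstat -tnp` lines on stdin.
# Output: one line per connection accepted on the port, "<peer-ip> <local|remote>".

classify_gui_peers() {   # hypothetical helper name; $1 = port (default 8006)
    awk -v port="${1:-8006}" '
    # Split "ip:port" on the LAST colon so IPv6-style addresses also work.
    function ip_of(a,    n, p) { n = split(a, p, ":"); return substr(a, 1, length(a) - length(p[n]) - 1) }
    function port_of(a,  n, p) { n = split(a, p, ":"); return p[n] }

    # Only rows where the LOCAL side is the service port, i.e. the
    # server end of the connection as the GUI sees it.
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" && port_of($4) == port {
        peer = ip_of($5); me = ip_of($4)
        # "local": the connection was opened by a process on this host
        # (as cloudflared does), so the service sees the host address,
        # not the address of the end user behind the tunnel.
        kind = (peer == me || peer == "127.0.0.1" || peer == "::1") ? "local" : "remote"
        print peer, kind
    }'
}

# Constructed sample input (documentation address ranges, not from the thread).
SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.0.2.10:8006 192.0.2.10:51234 ESTABLISHED 1201/pveproxy worker
tcp 0 0 192.0.2.10:51234 192.0.2.10:8006 ESTABLISHED 987/cloudflared
tcp 0 0 192.0.2.10:8006 198.51.100.7:40022 ESTABLISHED 1202/pveproxy worker
tcp 0 0 192.0.2.10:22 203.0.113.5:50000 ESTABLISHED 800/sshd'

printf '%s\n' "$SAMPLE" | classify_gui_peers 8006
```

On a live host the input would come from `netstat -tnp` run as root; any source-address allow-list is evaluated against the peer address printed here, not against the user's address at the far end of the tunnel.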