Firewall and Cloudflare Proxy.

ctrlshifti

Jun 9, 2024
Hello, I would like to use a proxied Cloudflare DNS A record that points to a Proxmox VM IP. However, I've encountered an issue where adding my IP address to the whitelist doesn't grant access because Cloudflare uses its own IPs. The original visitor's IP is available through the CF-Connecting-IP header. I wonder how to configure the Proxmox VM firewall to use the IP from the CF-Connecting-IP header instead of the connection IP.
 
You could do this using a Cloudflare Tunnel. You will need a registered domain that you own to do this. With a tunnel you can use an internal/private IP address, and you don't need to do any port forwarding on your firewall.
 
If the Proxmox firewall is blocking legitimate traffic while allowing unwanted requests, double-check the rules for Cloudflare's IP ranges. Sometimes, people use an IP stresser to hit a server with traffic disguised as normal requests, which makes fine-tuning firewall settings even more important. Make sure you're allowing only the necessary Cloudflare IPs and blocking any direct access attempts to your real server IP to reduce exposure to attacks.
 
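An added example, not part of the thread: CF-Connecting-IP is an HTTP header, so a visitor allowlist keyed on it has to be evaluated by whatever terminates HTTP on the VM, and the header is only trustworthy when the TCP peer is a Cloudflare address. The sketch below shows that two-step decision; the function name `decide`, the proxy ranges and the allowlist are constructed placeholders (documentation address space), and the real proxy ranges should come from Cloudflare's published list.

```python
import ipaddress

# Constructed placeholder ranges (documentation address space), standing in
# for the proxy ranges Cloudflare publishes.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in
                   ("192.0.2.0/24", "2001:db8:cf::/48")]
# Constructed visitor allowlist.
ALLOWED_VISITORS = [ipaddress.ip_network(n) for n in
                    ("203.0.113.7/32", "2001:db8:1::/64")]


def _in_any(addr, networks):
    """True if addr falls inside any network of the same IP version."""
    return any(addr.version == net.version and addr in net for net in networks)


def decide(peer_ip, headers):
    """Return (allowed, reason) for one request.

    peer_ip: source address of the TCP connection as seen by the VM.
    headers: request headers with lower-cased names.
    """
    peer = ipaddress.ip_address(peer_ip)
    # A request that did not arrive through the proxy can carry any header
    # value the sender likes, so the header is ignored and the request denied.
    if not _in_any(peer, TRUSTED_PROXIES):
        return False, "peer is not a trusted proxy"
    raw = headers.get("cf-connecting-ip", "").strip()
    try:
        visitor = ipaddress.ip_address(raw)
    except ValueError:
        return False, "missing or malformed CF-Connecting-IP"
    if _in_any(visitor, ALLOWED_VISITORS):
        return True, f"visitor {visitor} is allowlisted"
    return False, f"visitor {visitor} is not allowlisted"


if __name__ == "__main__":
    # Constructed sample requests: (peer address, headers).
    samples = [
        ("192.0.2.10", {"cf-connecting-ip": "203.0.113.7"}),
        ("203.0.113.7", {"cf-connecting-ip": "203.0.113.7"}),  # direct hit
        ("192.0.2.10", {"cf-connecting-ip": "198.51.100.9"}),
        ("192.0.2.10", {}),
    ]
    for peer, hdrs in samples:
        print(peer, hdrs, "->", decide(peer, hdrs))
```

The first check is the application-side counterpart of the firewall advice in the thread: the VM firewall admits only the proxy ranges, and the application refuses to read the header from anyone else.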