Blocking * ingress IPs breaks CF Tunnels
I use a hardware firewall (Hetzner), but when I block all ingress IPs (following the docs), the tunnel state immediately goes down.
Starting the log stream, it shows that the connection fails and starts retrying periodically.
(Log stream does not immediately disconnect)
I tried looking for IPs and Ports to whitelist on the hardware firewall, but to no avail.
What IP addresses and ports should I exempt from my ingress traffic block?
4 Replies
Please ping me when replying
Could you share the log lines with the errors?
If your firewall isn't stateful, then you probably need to allow some UDP ports. This post https://community.cloudflare.com/t/resolved-connection-issues-with-cloudflared-due-to-ingress-udp-traffic/515241 says that for one person allowing 8443/udp ingress works, and another person said they had to allow the range 32768-65535 UDP (though I don't know if you need the whole range).
Hetzner Cloudflare Tunnel - Failed to dial to edge with quic - Chri...
Cloudflare Tunnels on Hetzner servers may fail with the error "failed to dial to edge with quic" - here's how you solve it.
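Added example (not from the thread or from cloudflared): a toy model of a packet filter that shows why a "block all ingress" rule on a stateless firewall kills cloudflared's QUIC connection, and why an allow rule for UDP replies to the ephemeral port range repairs it. cloudflared dials the edge outbound on port 7844 (UDP for QUIC); the edge's reply packets come back to whatever source port the kernel picked, which on Linux defaults to the 32768-60999 ip_local_port_range. A stateless filter sees those replies as fresh ingress and drops them; a stateful one recognises them as part of a flow the server opened. The Hetzner firewall for dedicated servers is stateless, which matches the behaviour in the question. Addresses, the ephemeral port and the rule sets are constructed for the example; the 8443/udp report from the linked post is not modelled here.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

EDGE_PORT = 7844  # cloudflared dials the Cloudflare edge on port 7844 (UDP for QUIC)

# Constructed addresses (documentation ranges), not real hosts.
SERVER_IP = "203.0.113.10"
EDGE_IP = "192.0.2.44"


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", relative to the server
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    direction: str
    proto: Optional[str]  # None matches any protocol
    dst_ports: Optional[Tuple[int, int]]  # inclusive range; None matches any port
    action: str  # "accept" or "drop"

    def matches(self, p: Packet) -> bool:
        if self.direction != p.direction:
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.dst_ports is not None:
            lo, hi = self.dst_ports
            if not lo <= p.dst_port <= hi:
                return False
        return True


def stateless_verdict(rules: List[Rule], p: Packet, default: str = "accept") -> str:
    """First matching rule wins; nothing remembered between packets."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default


def stateful_verdict(rules: List[Rule], p: Packet, flows: Set[tuple], default: str = "accept") -> str:
    """Like stateless_verdict, but replies to flows the server opened are accepted."""
    reply_key = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
    if p.direction == "in" and reply_key in flows:
        return "accept"
    verdict = stateless_verdict(rules, p, default)
    if verdict == "accept" and p.direction == "out":
        flows.add((p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port))
    return verdict


def quic_handshake(rules: List[Rule], stateful: bool = False, ephemeral_port: int = 54321) -> bool:
    """True if both cloudflared's first QUIC datagram and the edge's reply get through."""
    outbound = Packet("out", "udp", SERVER_IP, ephemeral_port, EDGE_IP, EDGE_PORT)
    reply = Packet("in", "udp", EDGE_IP, EDGE_PORT, SERVER_IP, ephemeral_port)
    flows: Set[tuple] = set()
    if stateful:
        verdict = lambda p: stateful_verdict(rules, p, flows)
    else:
        verdict = lambda p: stateless_verdict(rules, p)
    return verdict(outbound) == "accept" and verdict(reply) == "accept"


# The rule from the question: drop every ingress packet.
BLOCK_ALL_INGRESS = [Rule("in", None, None, "drop")]

# The fix from the linked post: let UDP replies reach the ephemeral port range first.
ALLOW_UDP_EPHEMERAL = [
    Rule("in", "udp", (32768, 65535), "accept"),
    Rule("in", None, None, "drop"),
]

if __name__ == "__main__":
    print("stateless, block all ingress:", quic_handshake(BLOCK_ALL_INGRESS))
    print("stateless, allow udp 32768-65535:", quic_handshake(ALLOW_UDP_EPHEMERAL))
    print("stateful, block all ingress:", quic_handshake(BLOCK_ALL_INGRESS, stateful=True))
```

The fourth case worth checking is an ephemeral port outside the allowed range: with `ALLOW_UDP_EPHEMERAL` and `ephemeral_port=1024` the reply is still dropped, which is why the allow range has to cover whatever the server's ip_local_port_range is set to, not just the port one connection happened to use.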
I'll try the solutions in there, thank you.
Sadly I currently don't have access to the server, so I'll reply with the logs and whether it worked later.
Thank you Erisa! This worked flawlessly