Messages - ajtatum

#1
Hi,

I'm new to OPNsense, but love it thus far. I'm having trouble accessing my websites that are proxied/protected via Cloudflare. If the sites aren't proxied through Cloudflare, I have no issue accessing them with the 1:1 NAT and Port Forwards that I have set up at the moment. But, if they are proxied, I get an Error 522 "Connection timed out" from Cloudflare.

I know with Synology, I could handle this with "Trusted Proxies" from the IPs below:
https://www.cloudflare.com/ips-v4
https://www.cloudflare.com/ips-v6

But, I don't know how to implement this on OPNsense, or even if that's what I'm supposed to do.

Any help/recommendations would be greatly appreciated.

Thanks,
AJ
#2
Hi,

I currently use Untangle and am considering moving to OPNsense with Zenarmor. One thing that really makes it difficult for me is that I have websites that are using Cloudflare as a proxy and WAF. This also hides my websites' real IP address. However, there's an issue: when someone visits my site, Untangle uses the Cloudflare IP, which sometimes gets flagged as something like a "Scanner" or something. On the web servers, I have it configured to use the X-Forwarded-For or CF-Connecting-IP to get the actual user's IP to log for login failures, etc.

So, I was curious if Zenarmor would act any differently or if there was a better approach? I get a lot of comments from people that they can't access my sites and it's almost impossible to tell why because all that gets logged in Untangle is the Cloudflare IP.

One thought I had, but that I shot down because it sounded too risky, was to bypass any rules at the router level for these servers and instead use something like CrowdSec or another solution on those servers.

Any thoughts or recommendations would be sincerely appreciated.

Thanks,
AJ
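The origin-side handling described in the second post (logging the CF-Connecting-IP or X-Forwarded-For address instead of the Cloudflare edge IP) combined with the "trusted proxies" idea from the first post, as an added example that is not part of the original posts and is not OPNsense, Zenarmor or Cloudflare code. It assumes the web server or log pipeline can hand the script the TCP peer address and the request headers; the function names (`parse_ranges`, `is_trusted_proxy`, `real_client_ip`, `classify_requests`) are this example's own, and the prefix list is a small constructed sample in the format of the ips-v4/ips-v6 lists linked above, embedded so the example runs offline rather than fetched from Cloudflare.

```python
import ipaddress
from typing import Dict, List, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample: a handful of prefixes in the format of Cloudflare's published
# lists. In production, load the full lists from https://www.cloudflare.com/ips-v4
# and https://www.cloudflare.com/ips-v6 and refresh them periodically; this subset
# exists only so the example runs offline.
CLOUDFLARE_RANGES_SAMPLE = """\
# ips-v4 (sample)
173.245.48.0/20
103.21.244.0/22
104.16.0.0/13
# ips-v6 (sample)
2400:cb00::/32
2606:4700::/32
"""


def parse_ranges(text: str) -> List[Network]:
    """Parse one CIDR per line; blank lines and '#' comments are ignored."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def is_trusted_proxy(ip: str, trusted: List[Network]) -> bool:
    """True if ip falls inside one of the trusted proxy prefixes (raises ValueError on junk)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in trusted)


def real_client_ip(peer_ip: str, headers: Dict[str, str],
                   trusted: List[Network]) -> Tuple[str, str]:
    """Return (client_ip, source) for one request.

    peer_ip is the TCP peer the web server actually accepted the connection from;
    headers is a dict keyed by lower-cased header name. Client-supplied headers are
    honoured only when the peer is a trusted proxy: anyone who reaches the origin
    directly (for example through the 1:1 NAT) can put whatever they like in
    X-Forwarded-For or CF-Connecting-IP.
    """
    if not is_trusted_proxy(peer_ip, trusted):
        return peer_ip, "peer"

    cf = headers.get("cf-connecting-ip", "").strip()
    if cf:
        try:
            ipaddress.ip_address(cf)
            return cf, "cf-connecting-ip"
        except ValueError:
            pass  # malformed value: fall through rather than log garbage

    # Each proxy appends to X-Forwarded-For, so the trustworthy entry is the
    # right-most one that is not itself a trusted proxy; anything left of it was
    # supplied by the client and may be forged.
    hops = [h.strip() for h in headers.get("x-forwarded-for", "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            if not is_trusted_proxy(hop, trusted):
                return hop, "x-forwarded-for"
        except ValueError:
            break  # malformed entry: stop walking the chain
    # Trusted peer but no usable header: the proxy's own address is all we have.
    return peer_ip, "peer"


def classify_requests(requests, trusted: List[Network]) -> List[Tuple[str, str]]:
    """Map (peer, headers) pairs to the address that should be logged or banned."""
    return [real_client_ip(peer, hdrs, trusted) for peer, hdrs in requests]


# Constructed requests (documentation addresses only) covering the cases that matter.
CONSTRUCTED_REQUESTS = [
    # 1. Normal Cloudflare-proxied request: CF-Connecting-IP is authoritative.
    ("104.16.3.9", {"cf-connecting-ip": "203.0.113.7",
                    "x-forwarded-for": "203.0.113.7"}),
    # 2. Direct hit on the origin with forged headers: peer is not Cloudflare, ignore them.
    ("198.51.100.9", {"cf-connecting-ip": "192.0.2.1",
                      "x-forwarded-for": "192.0.2.1"}),
    # 3. Trusted peer, no CF-Connecting-IP, client prepended a fake XFF entry.
    ("173.245.48.5", {"x-forwarded-for": "192.0.2.1, 203.0.113.8"}),
    # 4. Two trusted hops in the chain: skip the trusted one in XFF.
    ("2606:4700::1", {"x-forwarded-for": "203.0.113.9, 104.16.1.1"}),
]

if __name__ == "__main__":
    trusted_nets = parse_ranges(CLOUDFLARE_RANGES_SAMPLE)
    for (peer, _), (ip, src) in zip(CONSTRUCTED_REQUESTS,
                                    classify_requests(CONSTRUCTED_REQUESTS, trusted_nets)):
        print(f"peer={peer:<16} log_ip={ip:<14} from={src}")
```

The peer check is the part that matters for the "too risky" concern: because the origin is also reachable directly through the NAT, a request that skips Cloudflare can carry a forged CF-Connecting-IP, and a ban list fed from that header would then ban whoever the attacker names. A firewall that only sees the edge IP cannot make this distinction, since the real client address lives in the HTTP headers; it has to be done on the web server or in whatever parses the access log.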