Hi,

I wanted to forward the port to my Traefik install on my TrueNAS server. Unfortunately I have now learned that my ISP restricts the range of ports that I can open externally to 12396-12415, so internally I can open port 443 to port 12400 externally. So far so good, but how do I point my Cloudflare DNS record to this port?

My router is a Fritzbox 7530 if that’s relevant.

  • SpaceCadet@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    10
    ·
    edit-2
    1 year ago

    DNS doesn’t deal with ports, it resolves hostnames to IP addresses and that’s it.

    What you probably need is some kind of reverse proxy that sits outside of your network, listens on port 443 and then directs it to your home IP address on port 12400.

      • SpaceCadet@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        5
        ·
        edit-2
        1 year ago

        If you really want to get anal about it, yes I know there things like CNAME, PTR and MX records too but that’s outside of the scope of this discussion.

        DNS doesn’t deal with ports, there’s no way to say: homelab.example.com should point to IP address 1.2.3.4 and port 12400.

          • brygphilomena@lemmy.world
            link
            fedilink
            English
            arrow-up
            9
            ·
            1 year ago

            For the discussions regarding OPs web server they want externally accessible, no DNS does not do ports.

            For other applications there are SRV records, but that’s beyond the scope of the original question. It sounds like u/spacecadet didn’t want to confuse OP, and while SRV can assist certain applications with ports, pointing it out here isnt helpful.

            • Equinox@lemmy.blahaj.zone
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              6
              ·
              1 year ago

              Sure, it’s not helpful, but just because something is out of scope for the original question doesn’t mean you can reiterate objectively false statements.

              They probably should have worded it like you did in your first sentence.

      • SpaceCadet@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Sure, but the point is not so much about which one to use but that the terminating point listening on 443 should sit outside of his network.

        So he will either need a cloud service, or accept that he will have to add :12400 to his URLs.

  • chiisana@lemmy.chiisana.net
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    You’d need more than their DNS, as DNS cannot forward ports for you (and before anyone mention SRV records, no, it just tells supported applications which port to use; it does not and cannot externally reassign the port used).

    I believe the tool for the job here is the Zero Trust Tunnel; in the Dashboard, on the left, look for Zero Trust, and then on the new dashboard, go Access > Tunnels to setup the tunnel. Documentations are here: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/

    • Tywèle [she|her]@lemmy.dbzer0.comOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Currently I am using Cloudflare Tunnel to access my server remotely. But with this I’m always accessing my server through the tunnel even when I’m at home.

      • chiisana@lemmy.chiisana.net
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        If that is a concern (I don’t see much of an issue, but everyone’s got different requirements, so no judgment here at all), then you’d probably want to setup a recursive DNS server inside your network, configure that DNS server to resolve those internal services to your intranet IP address, when it cannot resolve, it recurses to a public one (ie ISP, CloudFlare, quad 9, Google etc). Then, change your network’s DNS to that internal one, so when you’re on your network, you get internal IP address while off network you get CloudFlare tunnel routing.

  • Noah@lemmy.federated.club
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    1 year ago

    You can create a transform rule (iirc, might be one of the other rules, can’t check right now) that changes the destination port as long as you’re using Cloudflare’s proxy, no need for stuff like srv records.

    edit; alternatively you can use cloudflare’s tunnels feature if forwarding doesn’t work

  • fraydabson@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    I just went through a lot of confusion setting up caddy. In the end it was user error and I got it all working. It’s still fresh in my memory if you still need help after this.

  • brygphilomena@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    You need either a reverse proxy running on a vps or something outside your network or a tunnel to your server from something cloudflare that can do the proxy for you without opening any ports.

    A reverse proxy will be the public server that relays traffic from the standard ports (80, 443) and then fetches the content from your server on whatever port it has open and then returns it to whatever user requested the page.

    Cloudflares tunnel can do the same, but without the need to either open a port nor manage an additional web server. However it needs to be running inside your network to facilitate that connection.

    You mentioned already having a cloudflare tunnel that you are using, so I’d stick with that. If you want to not access it over the tunnel and use a fully qualified URL, you will need to host DNS internally with the internal IP address (or use hosts files) while keeping the public DNS entry on cloudflare configured with their tunnel.