I’ve migrated from cloudflare pages to cloudflare tunnels as I wanted to do a little bit more.

I can’t segregate my network as my ISPs router is rather limited, which means no vLANs. Connecting another router would introduce a double nat as they don’t allow bridging. So I’m running my website basically “raw” in a hyperV virtual machine. the website is semi-static and made out of flatfiles, therefore it’s is quite impossible to login into it. as stated before i’m using cloudflare tunnels to expose a nginx server to the interner. what are the chances someone or something (bot) inflataring my network? 100% safety is not possible but how safe am i?

  • weeman45@alien.topBEnglish
    1·
    11 months ago

    As far as i understood it a cloudflare tunneled service should not be visible when port scanning. Or am i completely wrong here? I started using tunnels just so i can avoid opening ports to the internet. I also restricted the access to my services to specific countries.

    • djgizmo@alien.topBEnglish
      1·
      11 months ago

      The only thing a CF tunnel does is protect your home IP. Doesn’t protect the app or server you’re exposing.

      • amizzo@alien.topBEnglish
        1·
        11 months ago

        Well it does slightly more than just obfuscating your home IP, in that it will also do automatic bot, DDOS prevention, etc…

        • djgizmo@alien.topBEnglish
          1·
          11 months ago

          Nothing will stop a general scan from happening. Especially if it’s a slow scan.

          Scans won’t trigger dos/ddos alerts.

          • amizzo@alien.topBEnglish
            1·
            11 months ago

            Well yeah, that would get your host IP…if they’re doing a general scan of whole ISP IP ranges (Which nothing could really stop, except for a good firewall). But there is much more low-hanging fruit for hackers than to scan tens of thousands of unoccupied subnets.

            • djgizmo@alien.topBEnglish
              1·
              11 months ago

              Ilulz. Automated scans cost nothing in resources. That would not find a host IP, it’d find the public Ip and open port.

              • amizzo@alien.topBEnglish
                1·
                11 months ago

                I would consider time a pretty major resource…and yes, you are correct I misspoke/typed. I meant public IP, not host IP…

                Anyway, the point is not to prevent all attack vectors (which is impossible, unless you’re totally offline/air-gapped/etc), OP wants to minimize the probability of infiltration. So to get back to the question, yes CF tunnels help with that when implemented correctly.

          • pastelstocking@alien.topOPBEnglish
            1·
            11 months ago

            tunnels are reverse-portforwarding. ports aren’t open on my network but on theirs.

            anyways i moved back on VPS because im not 100% sure what is my ISPs stance lmao. and since i cant have much control with my internal network for now, id rather stay away but i def wanna host at home eventually