# How to open/forward TURN/STUN port using Cloudflare tunnel?


limpid mist

I've this

```yaml
version: "3.7"
services:
  screego:
    image: ghcr.io/screego/server:1.10.0
    ports:
      - 5050:5050
      - 3478:3478
      - 50200-50400:50200-50400/udp
    environment:
      SCREEGO_EXTERNAL_IP: "dns:share.ashishjullia.com@1.1.1.1:53"
      SCREEGO_TURN_PORT_RANGE: "50200:50400"
      SCREEGO_CORS_ALLOWED_ORIGINS: "https://share.ashishjullia.com"
      SCREEGO_AUTH_MODE: "none"
      SCREEGO_TRUST_PROXY_HEADERS: "false"
      SCREEGO_LOG_LEVEL: "debug"
  cf-tunnel:
    image: cloudflare/cloudflared
    restart: unless-stopped
    command: tunnel run
    environment:
      - TUNNEL_TOKEN=<>
```

And I'm trying to forward all these ports via the cf tunnel.

I can forward port 5050, which is an HTTP port, but I'm not sure whether it is possible to forward 3478, which is a STUN/TURN port, and I want to open 50200-50400/udp as well.

Is there a way with which I can just forward/expose/open the complete network of this compose file? I mean the network local to this cloudflared network or container.

Is it even possible?

I know a complete network can be opened using the private network of a tunnel but I want to map this application to a domain/sub-domain.

Here is my conversation with the owner of the application: https://github.com/screego/server/issues/167

Any help and pointers are appreciated as I really want this project to get going but want to self host it at the same time.

hexed bane

?tunnel-tcp

sweet crescent (BOT)

Cloudflare Tunnels use Cloudflare's proxy, which only supports proxying HTTP Traffic. If you want to use non-http applications over your tunnel, Cloudflare has a few other options:

For a few specific protocols such as SSH, RDP, and SMB, Cloudflare has guides for them here:
https://developers.cloudflare.com/cloudflare-one/applications/non-http/

For Arbitrary TCP like Minecraft, MySQL, and any other tcp application, Cloudflare has a guide here: https://developers.cloudflare.com/cloudflare-one/applications/non-http/arbitrary-tcp/

For Arbitrary UDP like Minecraft Bedrock, SMTP, and any other udp application, you will need to use Private Networking with WARP: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/private-net/connect-private-networks/

Please note for all of these except SSH and VNC which can be browser-rendered, you will either need to use cloudflared (Cloudflare's tunnel daemon) on the client machine running in the background or Private Networking with WARP, and have WARP installed on the client machine logged into your Zero Trust Team.

hexed bane

tl;dr no, it's not possible

limpid mist

@hexed bane possible via warp in gateway mode or not?

hexed bane

Yes if everyone who connects to the site uses WARP and you expose it over a defined private IP range