# How to expose port TCP 4242 to public?


lapis lichen
#

I am hosting an Ubuntu Linux server behind a Ubiquiti UniFi Dream Machine router. I am hosting the Reticulum application, which requires me to expose TCP port 4242 to the public. To protect the public IP, I registered a domain with Cloudflare, but I am not sure how to proceed. I did port forwarding on the UniFi router and the TCP port is open to the public directly to the public IP, but if I try to scan for that port using DNS, TCP 4242 is closed.

What do I need to do in order to solve this? I am using a free account. If possible, please be kind enough to provide detailed instructions to complete the configuration.

Thank you so much in advance.
J

deep sigil BOT
#
Support AI

I'm happy to help you with your issue. Based on the information you provided, it seems like you want to expose your Reticulum application to the public internet while protecting your public IP address using Cloudflare. To achieve this, you'll need to set up Cloudflare Tunnel, which allows you to expose your application to the internet without exposing your public IP address.

Here's a step-by-step guide to help you configure Cloudflare Tunnel:

Step 1: Create a Cloudflare Tunnel

  1. Log in to your Cloudflare account and go to the "Zero Trust" tab.
  2. Click on "Tunnels" and then click on "Create a Tunnel".
  3. Choose "Self-hosted" as the tunnel type and select "Linux" as the operating system.
  4. Download the cloudflared binary for Linux and follow the installation instructions.

Step 2: Configure Cloudflare Tunnel

  1. Once you've installed cloudflared, run the following command to create a new tunnel:
cloudflared tunnel create <tunnel-name>

Replace <tunnel-name> with a name of your choice.

  2. Follow the prompts to configure the tunnel. You'll need to provide your Cloudflare API credentials and select the domain you want to use for the tunnel.

Step 3: Configure Port Forwarding

  1. In your UniFi router, go to the "Port Forwarding" settings and create a new rule.
  2. Set the protocol to TCP and the external port to 4242.
  3. Set the internal IP address to the IP address of your Ubuntu Linux server.
  4. Set the internal port to 4242.

Step 4: Configure Cloudflare DNS

  1. In your Cloudflare account, go to the "DNS" tab.
  2. Create a new DNS record for your domain with the following settings:
    • Type: CNAME
    • Name: <subdomain> (e.g., "reticulum")
    • Target: <tunnel-name>.cfargotunnel.com (e.g., "my-tunnel.cfargotunnel.com")
    • Proxy status: Proxied

Step 5: Start the Cloudflare Tunnel

  1. Run the following command to start the Cloudflare Tunnel:
cloudflared tunnel run <tunnel-name>

Replace <tunnel-name> with the name of your tunnel.

Step 6: Verify the Configuration

  1. Use a tool like nc or telnet to test the connection to your Reticulum application:
nc <your-domain> 4242

Replace <your-domain> with your domain name (e.g., "example.com").

If everything is configured correctly, you should be able to connect to your Reticulum application using the Cloudflare Tunnel.

Please note that this is a general guide, and you may need to adjust the configuration based on your specific setup. If you encounter any issues, you can refer to the Cloudflare documentation for more information.

Source: Cloudflare Tunnel documentation

small heath
# lapis lichen I am hosting an Ubuntu Linux server behind a Ubiquiti UniFi Dream Machine router....

What exact protocol is this "Reticulum" exposing on 4242? If it's HTTP/HTTPS you can use a tunnel like suggested above, it would expose it on 443 though and then just route to 4242 internally

If it's some generic TCP protocol, you can use private networking or cloudflared on the client to expose that, but there's no way for anyone to connect without installing some Cloudflare software on their machine first, in that case.

#

?tunnel-tcp

deep sigil BOT
#

Cloudflare Tunnels use Cloudflare's proxy, which only supports proxying HTTP Traffic. If you want to use non-http applications over your tunnel, Cloudflare has a few other options:

For a few specific protocols such as SSH, RDP, and SMB, Cloudflare has guides for them here:
https://developers.cloudflare.com/cloudflare-one/applications/non-http/

For Arbitrary TCP like Minecraft, MySQL, and any other tcp application, Cloudflare has a guide here: https://developers.cloudflare.com/cloudflare-one/applications/non-http/arbitrary-tcp/

For Arbitrary UDP like Minecraft Bedrock, SMTP, and any other udp application, you will need to use Private Networking with WARP: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/private-net/connect-private-networks/

Please note for all of these except SSH, VNC and RDP which can be browser-rendered, you will either need to use cloudflared (Cloudflare's tunnel daemon) on the client machine running in the background or Private Networking with WARP, and have WARP installed on the client machine logged into your Zero Trust Team.

mint whale
#

You won't get a different answer on Discord to what you got on the Community.

lapis lichen
mint whale
#

No.

#

The only way to expose a TCP port publicly other than a few for HTTP/S is to use Spectrum, that requires an Enterprise plan.

#

You can arrange to connect to the hostname on any port using a tunnel, but this is not public. The client device must be using cloudflared (or an organisation's WARP) for this to work.

#

The reason is the Cloudflare public IP address is shared across 1000s of domains so Cloudflare can't know which domain the traffic is for when it arrives. This only works for HTTP/S because the target host name is included as part of the protocol. Everything else is just packets so needs a dedicated IP address to send the traffic to, which cost and are too few in number, so you have to pay for Enterprise + Spectrum if you want it.

#

Tunnels are ok if it's just for your own remote access, a few friends or a load of corporate employees when all can use the client. But they do not allow public exposure of ports. If they did, I wouldn't be paying a ton of money for Spectrum.