CSF Special rules in CSF for Argo?

Discussion in 'Other Centmin Mod Installed software' started by vultranet, Mar 29, 2020.

  1. vultranet

    vultranet New Member

    12
    4
    3
    Mar 25, 2020
    Spain
    Ratings:
    +6
    Local Time:
    3:07 PM
    1.19
    MariaDB 10.4
    Hello, when I tried to start Cloudflared Argo Tunnel I got an error because CSF stops the connection. I have the IPs of Cloudflare. They will be applied in CSF rules to allow Cloudflare and get the connection with Argo.


    It happened two days ago. Right now I haven't installed Centmin Mod because I'm installing and optimizing Vesta, and I get the same error if I don't add the Cloudflare IPs to the CSF I implemented myself.

    Am I going the right way?

    Thanks

    Sorry, my English is too basic.
     
  2. eva2000

    eva2000 Administrator Staff Member

    54,361
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    12:07 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Have you asked Cloudflare tech support? Did you ensure proper TCP ports were whitelisted in CSF Firewall's /etc/csf/csf.conf or /etc/csf/csf.allow config file for TCP_OUT/TCP6_OUT for egress traffic from the comma-separated list of ports as per Argo documentation "FAQ - Argo Tunnel" and "Common Errors - Argo Tunnel" and "CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS"

    and "How Argo Tunnel Works - Argo Tunnel"
    So you need to whitelist outbound TCP/TCP6 ports for 7844 and whitelist IPs for the route1/route2 argotunnel.com hostnames

    Place in the /etc/csf/csf.allow allow file whitelisting for the Cloudflare route1/2 hostnames' IP addresses to allow egress TCP traffic on destination port 7844
    Code (Text):
    tcp|out|d=7844|d=198.41.192.7
    tcp|out|d=7844|d=198.41.192.47
    tcp|out|d=7844|d=198.41.192.107
    tcp|out|d=7844|d=198.41.192.167
    tcp|out|d=7844|d=198.41.192.227
    tcp|out|d=7844|d=198.41.200.193
    tcp|out|d=7844|d=198.41.200.233
    tcp|out|d=7844|d=198.41.200.13
    tcp|out|d=7844|d=198.41.200.53
    tcp|out|d=7844|d=198.41.200.113
    

    Restart CSF Firewall
    Code (Text):
    csf -ra
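
Added example, not part of the post above or of Centmin Mod's own tooling: a POSIX shell check for the rules just listed. Given destination IPs on stdin, `missing_argo_rules` prints the port 7844 `csf.allow` lines that are not yet active in the file, and `port_in_tcp_out` reports whether a port is also open to every destination through `TCP_OUT` in `csf.conf`. The function names are this example's own.

```sh
#!/bin/sh
# Added example, not from the thread: function names are this example's own.
ARGO_PORT=7844

# Succeeds only for a dotted-quad IPv4 address with each octet in 0-255.
valid_ipv4() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# Reads IPs on stdin and prints the csf.allow rule for each one that the
# given allow file does not already contain as an active (uncommented) line.
missing_argo_rules() {
  active=$(sed 's/#.*//; s/[[:space:]]//g' "$1")
  while IFS= read -r ip; do
    ip=$(printf '%s' "$ip" | tr -d '[:space:]')
    case $ip in ''|'#'*) continue ;; esac
    if ! valid_ipv4 "$ip"; then
      echo "skipping invalid address: $ip" >&2
      continue
    fi
    rule="tcp|out|d=${ARGO_PORT}|d=${ip}"
    # -F/-x: compare as a fixed whole line so "|" and "." are not regex.
    printf '%s\n' "$active" | grep -Fxq -- "$rule" || printf '%s\n' "$rule"
  done
}

# Succeeds if the port appears in TCP_OUT of a csf.conf, as a single port or
# inside a "low:high" range, i.e. egress on it is open to any destination.
port_in_tcp_out() {
  list=$(sed -n 's/^TCP_OUT *= *"\([^"]*\)".*/\1/p' "$1" | head -n 1)
  old_ifs=$IFS; IFS=,
  for item in $list; do
    IFS=$old_ifs
    case $item in
      *:*) [ "$2" -ge "${item%%:*}" ] && [ "$2" -le "${item##*:}" ] && return 0 ;;
      "$2") return 0 ;;
    esac
  done
  IFS=$old_ifs
  return 1
}
```

Append the printed lines to `/etc/csf/csf.allow` only after reviewing them, then restart with `csf -ra`.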
    
     
  3. vultranet

    vultranet New Member

    Thanks to you, very well explained. In a few hours I will deploy an instance with Centmin Mod and try again. Thanks again.
     
  4. vultranet

    vultranet New Member

    Code:
    INFO[0000] Version 2020.3.1                           
    INFO[0000] GOOS: linux, GOVersion: go1.12.7, GoArch: amd64
    INFO[0000] Flags                                         proxy-dns-upstream="https://1.1.1.1/dns-query, https://1.0.0.1/dns-query"
    INFO[0000] cloudflared will not automatically update when run from the shell. To enable auto-updates, run cloudflared as a service: Automatically Starting Argo Tunnel - Argo Tunnel
    INFO[0000] Starting metrics server                       addr="127.0.0.1:27603/metrics"
    INFO[0000] Proxying tunnel requests to sysadmincoruna.com.es
    INFO[0000] Connected to VIE                              connectionID=0
    INFO[0002] Each HA connection's tunnel IDs: map[0:2rhs5gf3kyl7bq7uxru7dndgh7s04zftzd3i8c9kssqdf5x5b56g]  connectionID=0
    INFO[0002] +-----------------------------------------------------------------+  connectionID=0
    INFO[0002] |  Your free tunnel has started! Visit it:                        |  connectionID=0
    INFO[0002] |    sysadmincoruna.com.es  |  connectionID=0
    INFO[0002] +-----------------------------------------------------------------+  connectionID=0
    INFO[0002] Route propagating, it may take up to 1 minute for your new route to become functional  connectionID=0
    INFO[0002] Connected to FRA                              connectionID=1
    INFO[0003] Connected to VIE                              connectionID=2
    INFO[0004] Connected to FRA                              connectionID=3
    INFO[0005] Each HA connection's tunnel IDs: map[0:2rhs5gf3kyl7bq7uxru7dndgh7s04zftzd3i8c9kssqdf5x5b56g 1:2rhs5gf3kyl7bq7uxru7dndgh7s04zftzd3i8c9kssqdf5x5b56g]  connectionID=1
    INFO[0005] +-----------------------------------------------------------------+  connectionID=1
    INFO[0005] |  Your free tunnel has started! Visit it:                        |  connectionID=1
    INFO[0005] |    sysadmincoruna.com.es  |  connectionID=1
    INFO[0005] +-----------------------------------------------------------------+  connectionID=1
    INFO[0005] Route propagating, it may take up to 1 minute for your new route to become functional  connectionID=1
    INFO[0006] Each HA connection's tunnel IDs: map[0:2rhs5gf3kyl7bq7uxru7dndgh7s04zftzd3i8c9kssqdf5x5b56g 1:2rhs5gf3kyl7bq7uxru7dndgh7s04zftzd3i8c9kssqdf5x5b56g 2:2rhs5gf3kyl7bq7uxru7dndgh7s04zftzd3i8c9kssqdf5x5b56g]  connectionID=2
    INFO[0006] +-----------------------------------------------------------------+  connectionID=2
    INFO[0006] |  Your free tunnel has started! Visit it:                        |  connectionID=2
    INFO[0006] |    sysadmincoruna.com.es  |  connectionID=2
    INFO[0006] +-----------------------------------------------------------------+  connectionID=2
    INFO[0006] Route propagating, it may take up to 1 minute for your new route to become functional  connectionID=2
    INFO[0006] Each HA connection's tunnel IDs: map[0:2rhs5gf3kyl7bq7uxru7dndgh7s04zftzd3i8c9kssqdf5x5b56g 1:2rhs5gf3kyl7bq7uxru7dndgh7s04zftzd3i8c9kssqdf5x5b56g 2:2rhs5gf3kyl7bq7uxru7dndgh7s04zftzd3i8c9kssqdf5x5b56g 3:2rhs5gf3kyl7bq7uxru7dndgh7s04zftzd3i8c9kssqdf5x5b56g]  connectionID=3
    INFO[0006] +-----------------------------------------------------------------+  connectionID=3
    INFO[0006] |  Your free tunnel has started! Visit it:                        |  connectionID=3
    INFO[0006] |    sysadmincoruna.com.es  |  connectionID=3
    INFO[0006] +-----------------------------------------------------------------+  connectionID=3
    INFO[0006] Route propagating, it may take up to 1 minute for your new route to become functional  connectionID=3
    Many thanks, works like a charm, perfect
     
    Last edited: Mar 30, 2020
  5. eva2000

    eva2000 Administrator Staff Member

    You're welcome. In future, for posting code or output from commands to keep the formatting, you might want to use CODE tags for code: "How to use forum BBCODE code tags" :)
     
  6. vultranet

    vultranet New Member

    No problem, sorry. I'm really fascinated with Centmin Mod, 99/100 on Google.... without words, it's ultra-fast
     
  7. upgrade81

    upgrade81 Member

    295
    17
    18
    Sep 5, 2016
    CH
    Ratings:
    +30
    Local Time:
    3:07 PM
    1.17
    10.3
    You use Mod_pagespeed right?
     
  8. vultranet

    vultranet New Member

    Yes, of course. Sorry for the delayed reply.