CSF Special rules in CSF for Argo?

Discussion in 'Other Centmin Mod Installed software' started by vultranet, Mar 29, 2020.

  1. vultranet

    vultranet New Member

    5
    3
    3
    Mar 25, 2020
    Spain
    Ratings:
    +3
    Local Time:
    6:29 AM
    1.7
    MariaDB 10.4
    Hello, when I tried to start the Cloudflared Argo Tunnel I got an error because CSF stops the connection. I have the IPs of Cloudflare. They will be applied in CSF rules to allow Cloudflare and get the connection with Argo.

    It happened two days ago. Right now I haven't installed Centmin Mod because I'm installing and optimizing Vesta, and I get the same error if I don't add the Cloudflare IPs to CSF, which I implemented myself.

    Am I going the right way?

    Thanks

    Sorry, my English is too basic
     
  2. eva2000

    eva2000 Administrator Staff Member

    44,804
    10,216
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,834
    Local Time:
    2:29 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Have you asked Cloudflare tech support? Did you ensure proper TCP ports were whitelisted in CSF Firewall's /etc/csf/csf.conf or /etc/csf/csf.allow config file for TCP_OUT/TCP6_OUT for egress traffic from the comma-separated list of ports, as per the Argo documentation: FAQ - Argo Tunnel, Common Errors - Argo Tunnel, and CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS

    and How Argo Tunnel Works - Argo Tunnel

    So you need to whitelist outbound TCP/TCP6 ports for 7844 and whitelist the IPs for the route1/route2 argotunnel.com hostnames.

    Place in the /etc/csf/csf.allow allow file the whitelisting for the Cloudflare route1/2 hostnames' IP addresses to allow egress TCP traffic on destination port 7844:
    Code (Text):
    tcp|out|d=7844|d=198.41.192.7
    tcp|out|d=7844|d=198.41.192.47
    tcp|out|d=7844|d=198.41.192.107
    tcp|out|d=7844|d=198.41.192.167
    tcp|out|d=7844|d=198.41.192.227
    tcp|out|d=7844|d=198.41.200.193
    tcp|out|d=7844|d=198.41.200.233
    tcp|out|d=7844|d=198.41.200.13
    tcp|out|d=7844|d=198.41.200.53
    tcp|out|d=7844|d=198.41.200.113
    

    Restart CSF Firewall:
    Code (Text):
    csf -ra
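
    An added audit sketch, not part of eva2000's post or of CSF itself: it checks whether port 7844 is already opened to every destination through TCP_OUT in csf.conf, and which addresses still lack a per-destination line in csf.allow. The function names and the sample files are constructed for illustration; the rule syntax and the addresses are the ones shown in the post.

```shell
#!/bin/sh
# tcp_out_allows PORT CONF
# Succeeds if PORT is covered by the TCP_OUT list of a csf.conf-style file.
# The list is comma separated; a range is written low:high.
tcp_out_allows() {
    port=$1 conf=$2
    list=$(sed -n 's/^TCP_OUT[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" | head -n 1)
    old_ifs=$IFS; IFS=,
    for entry in $list; do
        case $entry in
            *:*) lo=${entry%%:*}; hi=${entry##*:}
                 if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then IFS=$old_ifs; return 0; fi ;;
            *)   if [ "$entry" = "$port" ]; then IFS=$old_ifs; return 0; fi ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# missing_allow_rules ALLOWFILE PORT IP...
# Prints each IP that has no "tcp|out|d=PORT|d=IP" line in ALLOWFILE.
# Comment lines and trailing "# comment" text are ignored.
missing_allow_rules() {
    allow=$1 port=$2
    shift 2
    for ip in "$@"; do
        want="tcp|out|d=$port|d=$ip"
        if ! sed -e 's/#.*//' -e 's/[[:space:]]//g' "$allow" | grep -Fqx "$want"; then
            printf '%s\n' "$ip"
        fi
    done
}

# Constructed sample: a csf.conf without 7844 in TCP_OUT, and a csf.allow
# holding rules for only two of the three addresses being checked.
audit_sample() {
    dir=$(mktemp -d)
    printf 'TCP_OUT = "20,21,22,25,53,80,443,30000:35000"\n' > "$dir/csf.conf"
    printf '%s\n' '# Argo Tunnel egress' 'tcp|out|d=7844|d=198.41.192.7' \
        'tcp|out|d=7844|d=198.41.192.47 # route1' > "$dir/csf.allow"
    tcp_out_allows 7844 "$dir/csf.conf" && echo "7844 open to any destination"
    missing_allow_rules "$dir/csf.allow" 7844 198.41.192.7 198.41.192.47 198.41.200.193
    rm -rf "$dir"
}
```

    When TCP_OUT already lists 7844, egress on that port is open to any host and the per-address lines add nothing; leaving it out of TCP_OUT and relying on the csf.allow lines is the narrower setting.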
    
     
  3. vultranet

    Thank you, very well explained. In a few hours I'll deploy an instance with Centmin Mod and try again. Thanks again.
     
  4. vultranet

    Code:
    INFO[0000] Version 2020.3.1                           
    INFO[0000] GOOS: linux, GOVersion: go1.12.7, GoArch: amd64
    INFO[0000] Flags                                         proxy-dns-upstream="https://1.1.1.1/dns-query, https://1.0.0.1/dns-query"
    INFO[0000] cloudflared will not automatically update when run from the shell. To enable auto-updates, run cloudflared as a service: Automatically Starting Argo Tunnel - Argo Tunnel
    INFO[0000] Starting metrics server                       addr="127.0.0.1:27603/metrics"
    INFO[0000] Proxying tunnel requests to sysadmincoruna.com.es
    INFO[0000] Connected to VIE                              connectionID=0
    INFO[0002] Each HA connection's tunnel IDs: map[0:2rhs5gf3kyl7bq7uxru7dndgh7s04zftzd3i8c9kssqdf5x5b56g]  connectionID=0
    INFO[0002] +-----------------------------------------------------------------+  connectionID=0
    INFO[0002] |  Your free tunnel has started! Visit it:                        |  connectionID=0
    INFO[0002] |    sysadmincoruna.com.es  |  connectionID=0
    INFO[0002] +-----------------------------------------------------------------+  connectionID=0
    INFO[0002] Route propagating, it may take up to 1 minute for your new route to become functional  connectionID=0
    INFO[0002] Connected to FRA                              connectionID=1
    INFO[0003] Connected to VIE                              connectionID=2
    INFO[0004] Connected to FRA                              connectionID=3
    INFO[0005] Each HA connection's tunnel IDs: map[0:2rhs5gf3kyl7bq7uxru7dndgh7s04zftzd3i8c9kssqdf5x5b56g 1:2rhs5gf3kyl7bq7uxru7dndgh7s04zftzd3i8c9kssqdf5x5b56g]  connectionID=1
    INFO[0005] +-----------------------------------------------------------------+  connectionID=1
    INFO[0005] |  Your free tunnel has started! Visit it:                        |  connectionID=1
    INFO[0005] |    sysadmincoruna.com.es  |  connectionID=1
    INFO[0005] +-----------------------------------------------------------------+  connectionID=1
    INFO[0005] Route propagating, it may take up to 1 minute for your new route to become functional  connectionID=1
    INFO[0006] Each HA connection's tunnel IDs: map[0:2rhs5gf3kyl7bq7uxru7dndgh7s04zftzd3i8c9kssqdf5x5b56g 1:2rhs5gf3kyl7bq7uxru7dndgh7s04zftzd3i8c9kssqdf5x5b56g 2:2rhs5gf3kyl7bq7uxru7dndgh7s04zftzd3i8c9kssqdf5x5b56g]  connectionID=2
    INFO[0006] +-----------------------------------------------------------------+  connectionID=2
    INFO[0006] |  Your free tunnel has started! Visit it:                        |  connectionID=2
    INFO[0006] |    sysadmincoruna.com.es  |  connectionID=2
    INFO[0006] +-----------------------------------------------------------------+  connectionID=2
    INFO[0006] Route propagating, it may take up to 1 minute for your new route to become functional  connectionID=2
    INFO[0006] Each HA connection's tunnel IDs: map[0:2rhs5gf3kyl7bq7uxru7dndgh7s04zftzd3i8c9kssqdf5x5b56g 1:2rhs5gf3kyl7bq7uxru7dndgh7s04zftzd3i8c9kssqdf5x5b56g 2:2rhs5gf3kyl7bq7uxru7dndgh7s04zftzd3i8c9kssqdf5x5b56g 3:2rhs5gf3kyl7bq7uxru7dndgh7s04zftzd3i8c9kssqdf5x5b56g]  connectionID=3
    INFO[0006] +-----------------------------------------------------------------+  connectionID=3
    INFO[0006] |  Your free tunnel has started! Visit it:                        |  connectionID=3
    INFO[0006] |    sysadmincoruna.com.es  |  connectionID=3
    INFO[0006] +-----------------------------------------------------------------+  connectionID=3
    INFO[0006] Route propagating, it may take up to 1 minute for your new route to become functional  connectionID=3
    Many thanks, works like a charm, perfect
     
    Last edited: Mar 30, 2020
  5. eva2000

    You're welcome. In future, for posting code or output from commands to keep the formatting, you might want to use CODE tags for code: How to use forum BBCODE code tags :)
     
  6. vultranet

    No problem, sorry. I'm really fascinated with Centmin Mod, 99/100 in Google... without words, it's ultra-fast
     
  7. upgrade81

    upgrade81 Premium Member Premium Member

    266
    16
    18
    Sep 5, 2016
    Italy
    Ratings:
    +27
    Local Time:
    6:29 AM
    1.17
    10.3
    You use Mod_pagespeed right?