

Cloudflare Free Tunnel for Internal Network Penetration

 

This article is currently an experimental machine translation and may contain errors. If anything is unclear, please refer to the original Chinese version. I am continuously working to improve the translation.

Recently, ISPs across various regions in China have made it increasingly difficult to obtain public IPv4 addresses (although IPv6 is being widely promoted). If you’re trying to host a publicly accessible service on a machine without a public IPv4 address, you’ll need some form of server forwarding.

Publicly available internal network tunneling services often lack stability. Domestic servers require an ICP filing (ICP备案), and bandwidth is expensive. Overseas servers come with high traffic costs and may be subject to blocking by the firewall.

By chance, I discovered that Cloudflare officially offers a free internal network tunneling solution—so I decided to give it a try.

Prerequisites

  1. A Cloudflare account
  2. A domain name hosted on Cloudflare (can be registered either domestically or internationally, no ICP filing required)
  3. A credit card capable of making international payments (used to register for Cloudflare Zero Trust services)

Setup Guide

  1. Log in to the Cloudflare dashboard, select your domain, and navigate to Cloudflare Tunnel in the left sidebar.

    [Screenshot: cloudflare-1.png]

  2. On your first visit to Cloudflare Tunnel, you’ll be prompted to choose a plan. Simply select the free plan. Note that you’ll need to add a credit card capable of USD transactions to activate the service.

  3. From the left menu, go to Access > Tunnels, then click Create a tunnel.

    [Screenshot: cloudflare-2.png]

  4. Similar to tools like frp or ngrok, follow the on-screen instructions to run the client on your platform.

  5. Configure routing rules. For example, as shown below, visiting https://test.lyc8503.ml will forward traffic directly to the internal service at http://localhost:8081.

    [Screenshot: cloudflare-3.png]

  6. After creating the tunnel, you can add or modify additional routes if you need to expose more services.
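
As an added example (not from the original article, and not Cloudflare's code): the route from step 5 written as a rule list in the shape of the `ingress` section of cloudflared's `config.yml`, with a simplified Python model of top-to-bottom, first-match routing and a short audit of what the tunnel exposes. Every rule except the first is a constructed sample, and `host_matches`, `route` and `audit` are names made up for this example.

```python
# Constructed rule list in the shape of cloudflared's config.yml "ingress" section.
# Only the first rule comes from the article; the others are made-up samples.
INGRESS = [
    {"hostname": "test.lyc8503.ml", "service": "http://localhost:8081"},
    {"hostname": "*.example.com", "service": "https://192.168.1.10:8443",
     "originRequest": {"noTLSVerify": True}},
    {"service": "http_status:404"},  # catch-all: no hostname, matches everything
]

def host_matches(rule_host, req_host):
    """Exact match, or a leading '*.' wildcard matched as a suffix (simplified)."""
    if not rule_host or rule_host == req_host:
        return True
    return rule_host.startswith("*.") and req_host.endswith(rule_host[1:])

def route(ingress, req_host):
    """Return the service of the first rule whose hostname matches, top to bottom."""
    for rule in ingress:
        if host_matches(rule.get("hostname"), req_host):
            return rule["service"]
    return None  # only reachable when the catch-all rule is missing

def audit(ingress):
    """List settings worth a second look before the tunnel goes public."""
    findings = []
    last = ingress[-1] if ingress else {}
    if last.get("hostname") or last.get("path") or not ingress:
        findings.append("last rule is not a catch-all")
    for i, rule in enumerate(ingress):
        host, svc = rule.get("hostname", ""), rule["service"]
        if host.startswith("*."):
            findings.append(f"rule {i}: wildcard {host} exposes every subdomain")
        if rule.get("originRequest", {}).get("noTLSVerify"):
            findings.append(f"rule {i}: origin certificate is not verified")
        if "://" in svc and not svc.startswith(("http://", "https://")):
            findings.append(f"rule {i}: {svc} is not HTTP(S), visitors need a client")
    return findings

if __name__ == "__main__":
    for h in ("test.lyc8503.ml", "app.example.com", "unknown.example.org"):
        print(h, "->", route(INGRESS, h))
    print(*audit(INGRESS), sep="\n")
```

With the catch-all in place, a hostname that matches no route gets a 404 instead of reaching an internal service.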

The downside? Access speed from mainland China might be slow. To improve performance, consider using a custom IP routing method. Also, this method only supports HTTP(S) services out of the box. For other types of traffic, you’ll need to install a separate client. Plus, the credit card requirement during signup adds a bit of complexity.

As for me, most of my public-facing services are hosted on Alibaba Cloud’s Serverless platform—feel free to check out my blog posts on cloud-native topics if you’re interested!

This article is licensed under the CC BY-NC-SA 4.0 license.

Author: lyc8503, Article link: https://blog.lyc8503.net/en/post/cloudflared-tunnel/