Cloudflare Docs
Learning Paths
Cloudflare Docs
Replace your VPN (Learning Path)
GitHub icon
Edit this page on GitHub
Set theme to dark (⇧+D)
  1. Learning Paths
  2. Replace your VPN
  3. Configure the device agent
  4. Proxy traffic through Gateway

Proxy traffic through Gateway

  1 min read

With Cloudflare Gateway, you can log and filter DNS, network, and HTTP traffic from devices running the WARP client. This includes traffic to the public Internet and traffic directed to your private network. DNS filtering is enabled by default since the WARP client sends DNS queries to Cloudflare’s public DNS resolver, 1.1.1.1. To enable network and HTTP filtering, you will need to allow Cloudflare Gateway to proxy that traffic.

​​ Enable the proxy

  1. Go to Settings > Network.

  2. Enable Proxy for TCP.

  3. (Recommended) To proxy traffic to internal DNS resolvers, select UDP.

  4. (Recommended) To proxy traffic for diagnostic tools such as ping and traceroute:

    1. Select ICMP.
    2. On Linux servers:
    • Ensure that the Group ID for the cloudflared process is included in /proc/sys/net/ipv4/ping_group_range.
    • If you are running multiple network interfaces (for example, eth0 and eth1), configure cloudflared to use the external Internet-facing interface:
    $ cloudflared tunnel run --icmpv4-src <IP of primary interface>

Cloudflare will now proxy traffic from enrolled devices, except for the traffic excluded in your split tunnel settings. For more information on how Gateway forwards traffic, refer to Gateway proxy.




Previous Next