Double Nat and Access to pfSense web-gui

johnny123

Hey guys,

im trying to set up a dmz for a webserver.
The problem is that my wan-network is a dhcp network from a dsl-router which acts as the gateway and blocks any ports by default. To make by webserver accessable from the internet I therefore need double NAT.

DSL-Router Nat
External IP –> IP of PF-Sense-Box

PF-Sense Nat
IP of PF-Sense-Box ---> IP of Webserver

But when I implement it this way I cannot access any other web-interfaces behind my pfSense other than the webserver, right? This means also the pf-Sense web-gui is not reachable from the DSL-Router Network anymore...

Is it even possible to create a safe DMZ this way?

Any help would be highly apreachiated!

Here is a drawing of my network setup:

https://picload.org/view/rwdplcgi/skizze.jpg.html

Derelict

If the upstream device is just forwarding everything to you then, yes, you can only have one thing on port 80 listening or being forwarded.

As far as the pfSense webgui is concerned, you can disable it on port 80 and change the port to whatever you want.