Double Nat and Access to pfSense web-gui
im trying to set up a dmz for a webserver.
The problem is that my wan-network is a dhcp network from a dsl-router which acts as the gateway and blocks any ports by default. To make by webserver accessable from the internet I therefore need double NAT.
External IP –> IP of PF-Sense-Box
IP of PF-Sense-Box ---> IP of Webserver
But when I implement it this way I cannot access any other web-interfaces behind my pfSense other than the webserver, right? This means also the pf-Sense web-gui is not reachable from the DSL-Router Network anymore...
Is it even possible to create a safe DMZ this way?
Any help would be highly apreachiated!
Here is a drawing of my network setup:
If the upstream device is just forwarding everything to you then, yes, you can only have one thing on port 80 listening or being forwarded.
As far as the pfSense webgui is concerned, you can disable it on port 80 and change the port to whatever you want.