Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Double Nat and Access to pfSense web-gui

    Scheduled Pinned Locked Moved NAT
    2 Posts 2 Posters 551 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      johnny123
      last edited by

      Hey guys,

      im trying to set up a dmz for a webserver.
      The problem is that my wan-network is a dhcp network from a dsl-router which acts as the gateway and blocks any ports by default. To make by webserver accessable from the internet I therefore need double NAT.

      DSL-Router Nat
      External IP –> IP of PF-Sense-Box

      PF-Sense Nat
      IP of PF-Sense-Box ---> IP of Webserver

      But when I implement it this way I cannot access any other web-interfaces behind my pfSense other than the webserver, right? This means also the pf-Sense web-gui is not reachable from the DSL-Router Network anymore...

      Is it even possible to create a safe DMZ this way?

      Any help would be highly apreachiated!

      Here is a drawing of my network setup:

      https://picload.org/view/rwdplcgi/skizze.jpg.html

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        If the upstream device is just forwarding everything to you then, yes, you can only have one thing on port 80 listening or being forwarded.

        As far as the pfSense webgui is concerned, you can disable it on port 80 and change the port to whatever you want.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.