Double NAT and Access to pfSense web-gui

  • Hey guys,

    I'm trying to set up a DMZ for a webserver.
    The problem is that my WAN network is a DHCP network from a DSL router which acts as the gateway and blocks any ports by default. To make my webserver accessible from the internet I therefore need double NAT.

    DSL-Router NAT
    External IP --> IP of pfSense box

    pfSense NAT
    IP of pfSense box --> IP of webserver

    But when I implement it this way I cannot access any other web interfaces behind my pfSense other than the webserver, right? This also means the pfSense web GUI is not reachable from the DSL-router network anymore...

    Is it even possible to create a safe DMZ this way?

    Any help would be highly appreciated!

    Here is a drawing of my network setup:

  • LAYER 8 Netgate

    If the upstream device is just forwarding everything to you then, yes, you can only have one thing on port 80 listening or being forwarded.

    As far as the pfSense webgui is concerned, you can disable it on port 80 and change the port to whatever you want.
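
The port conflict discussed in this thread, as an added example that is not part of either post: a small model of the two NAT layers that shows where a connection ends up with the webGUI on port 80 and after moving it. The addresses, the alternative port 8443 and the function names are constructed for illustration, and the model assumes a pfSense port forward is matched before the local webGUI listener and that firewall rules allow the traffic.

```python
from dataclasses import dataclass

# Constructed addresses for illustration; none of them come from the thread.
PFSENSE_WAN = "192.168.1.2"   # pfSense address inside the DSL router's network
WEBSERVER = "10.0.10.5"       # web server in the DMZ behind pfSense

@dataclass(frozen=True)
class Forward:
    port: int       # TCP port matched on the device's outside address
    to_host: str    # host the connection is rewritten to
    to_port: int

def via_pfsense(port, pf_forwards, gui_port):
    """Where a connection from the DSL-router network to PFSENSE_WAN:port ends up.

    Assumption: a port forward wins over the local webGUI listener, and a
    WAN firewall rule allows the traffic.
    """
    for f in pf_forwards:
        if f.port == port:
            return f"{f.to_host}:{f.to_port}"
    return "pfSense webGUI" if port == gui_port else "dropped at pfSense"

def via_internet(port, router_forwards, pf_forwards, gui_port):
    """Where a connection to the public IP:port ends up after both NAT layers."""
    for f in router_forwards:
        if f.port == port:
            if f.to_host == PFSENSE_WAN:
                return via_pfsense(f.to_port, pf_forwards, gui_port)
            return f"{f.to_host}:{f.to_port}"
    return "dropped at DSL router"

ROUTER = [Forward(80, PFSENSE_WAN, 80)]   # DSL router: public :80 -> pfSense
PFSENSE = [Forward(80, WEBSERVER, 80)]    # pfSense: WAN :80 -> web server

if __name__ == "__main__":
    for gui in (80, 8443):                # 8443 is an arbitrary example port
        print(f"webGUI listening on {gui}:")
        print("  internet :80 ->", via_internet(80, ROUTER, PFSENSE, gui))
        print(f"  DSL net  :{gui} ->", via_pfsense(gui, PFSENSE, gui))
        print(f"  internet :{gui} ->", via_internet(gui, ROUTER, PFSENSE, gui))
```

With the GUI moved off port 80 it answers on the DSL-router network again, while from the internet it stays unreachable as long as the DSL router forwards only port 80.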

