Port Forward Modem/Router and pfSense

  • I've hit a dead end and needed to ask the forum. I have a modem-router. I have the pfSense down stream in order to firewall a different LAN. I need connect to a service on a desktop past the pfSense. So, I need to have the modem-router port forward to the pfSense which will then forward it to a desktop.

  • First question - is your modem/router setup in pass-thru mode, or is it setup in router mode?


  • Put Pfsense in the DMZ of your modem-router and then all you have to do is manage PfSense. So if you need traffic to pass to a computer just setup a port-forward on PfSense. This is of course assuming all your devices are behind Pfsense.

  • Netgate Administrator

    I don't see a question here....
    But, yes, if your modem/router is in router mode you need to port forward to pfSense and then port forward there to the desktop machine behind it. That could be via a 'DMZ mode'.


  • The modem is set in router mode because I want the firewall feature. I didn't know about DMZ mode but I'm reading about it and all the articles are saying I loose the security of a router being the firewall that blocks Internet traffic. I use the LAN the modem creates.

    My initial attempts were to have a modem listening port and then forward it to the pfSense which would then forward the set port to the computer. It has worked.

    What are the forums thoughts on loosing firewall protection in DMZ mode and what about port forwarding to the pfSense and in turn port forwarding to the computer?

    How can you keep strong boarder protection? I have a Ubiquiti Edge Router X available.

  • Netgate Administrator

    DMZ mode, in everything I have seen, is like a 1:1 NAT rule. It forwards all traffic to whatever IP you nominate, in this case pfSense.
    So it removes the firewall for that IP but not for other IPs in the routers LAN subnet.