Using pfBlocker between a Cisco border and Windows Server to allow only certain countries
Firstly, I have no access to the Cisco equipment that NATs the public IP to the private IP. I cannot do anything there.
ACTUAL SCENARIO - Works fine:
Public IP > Cisco xx NAT > 10.100.6.16 >> Windows Server serving webpage
My client only wants a certain country to visit the page (and I have no access to the Cisco), so:
Public IP >>> Cisco xx NAT >> 10.100.6.16 as WAN on pfSense > pfBlockerNG > LAN on pfSense 192.168.6.16 >> Windows Server serving webpage
I have installed pfSense and pfBlocker, but first need to get the basics working. I have created the NAT rules, and PORT TEST shows a response, but from the internet the webpage does not load. I am pretty sure that is because the web server does not know where to return the packets due to the double NAT (the Cisco and the pfSense).
- Am I OK using the WAN interface on what is basically a private network segment?
- Should I be using NAT at all in this scenario (wanting to allow only certain country traffic with pfBlocker) or should I be trying to set up a 1:1 connection without NAT?
- If I do need to do NAT a second time (the Cisco is already doing this and it works fine), how do I make the requests resolve OK back through the network?
Thanks very much in advance