Using pfBlocker in between Cisco border and Windows Server to allow only certain countries

  • Good afternoon.
    Firstly, I have no access to the Cisco equipment that NATs the public IP to the private IP. I cannot do anything there.

    ACTUAL SCENARIO - Works fine:

    Public IP > Cisco xx NAT > Windows Server serving webpage

    My client only wants a certain country to visit the page (and I have no access to the Cisco), so:

    Public IP > Cisco xx NAT > as WAN on pfSense > pfBlockerNG > LAN on pfSense > Windows Server serving webpage

    I have installed pfSense and pfBlocker, but first need to get the basics working. I have created the NAT rules, and PORT TEST shows a response, but from the internet the webpage does not load. I am pretty sure that is because the webserver does not know where to return the packets due to the double NAT (the Cisco and the pfSense).


    1. Am I OK using the WAN interface on what is basically a private network segment?
    2. Should I be using NAT at all in this scenario (wanting to allow only certain country traffic with pfBlocker) or should I be trying to set up a 1:1 connection without NAT?
    3. If I do need to do NAT a second time (the Cisco is already doing this and it works fine), how do I make the requests resolve OK back through the network?

    Thanks very much in advance