Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Using PFBlocker in between Cisco border and Windows Server to allow only certain countries

    pfBlockerNG
    1
    1
    175
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      azapa
      last edited by

      Good afternoon.
      Firstly, I have no access to the Cisco equipment that NATs the Public IP to the Private IP. I can not do anything there.

      ACTUAL SCENARIO - Works fine:

      Public IP > Cisco xx NAT > 10.100.6.16 >> Windows Server serving webpage

      My client only wants a certain country to visit page, (and I have no access to the Cisco) so:

      NEW SCENARIO:
      Public IP >>> Cisco xx NAT >>10.100.6.16 as WAN on Pfsense > PfblockerNG > LAN on PF Sense 192.168.6.16 >> Windows Server serving webpage

      I have installed PF Sense and Pfblocker, but first need to get the basics working. I have created the NAT rules, and PORT TEST shows a response, but from the internet the webpage does not load. I am pretty sure that I because the webserver does not know where to return the packets due to the double NAT (the cisco and the Pfsense).

      Questions:

      1. Am I OK using the WAN interface on what is basically a private network segment?
      2. Should I be using NAT at all in this scenario (wanting to allow only certain country traffic with pfBlocker) or should I be trying to set up a 1:1 connection without NAT?
      3. If I do need to do NAT a second time (the Cisco is already doing this and it works fine) how do I make the requests resolve OK back through the network?

      Thanks very much in advance

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.