Using pfBlocker in between Cisco border and Windows Server to allow only certain countries



  • Good afternoon.
    Firstly, I have no access to the Cisco equipment that NATs the Public IP to the Private IP. I cannot do anything there.

    ACTUAL SCENARIO - Works fine:

    Public IP > Cisco xx NAT > 10.100.6.16 >> Windows Server serving webpage

    My client only wants a certain country to visit the page (and I have no access to the Cisco), so:

    NEW SCENARIO:
    Public IP >>> Cisco xx NAT >>10.100.6.16 as WAN on pfSense > pfBlockerNG > LAN on pfSense 192.168.6.16 >> Windows Server serving webpage

    I have installed pfSense and pfBlocker, but first need to get the basics working. I have created the NAT rules, and PORT TEST shows a response, but from the internet the webpage does not load. I am pretty sure that is because the webserver does not know where to return the packets due to the double NAT (the Cisco and the pfSense).

    Questions:

    1. Am I OK using the WAN interface on what is basically a private network segment?
    2. Should I be using NAT at all in this scenario (wanting to allow only certain country traffic with pfBlocker) or should I be trying to set up a 1:1 connection without NAT?
    3. If I do need to do NAT a second time (the Cisco is already doing this and it works fine), how do I make the requests resolve OK back through the network?

    Thanks very much in advance

