pfSense – Port Forwarding on Double-NAT Setup

Tags: lan, pfsense

I've got a pfSense box which is acting as DHCP/DNS for one LAN, which all office computers and servers connect to.

We have a modem which cannot be put into bridge mode for several reasons and cannot be swapped out for another bridgeable modem as we use certain services from the ISP that only function with their (rather crappy) modem.

We can, however, assign a PC on the Modem's LAN to be a DMZ, which I've done, selecting the pfSense box as DMZ; no other devices other than this are on the Modem's LAN.

The issue I face is this: I can't port forward from the pfSense box to any other computer/server on the pfSense LAN. I confirmed that the Modem's DMZ is working as I connected a server directly to the Modem's LAN and was able to access services from our public IP. Also, we used to use a Windows server for DHCP and Routing and Remote Access, which included a very basic port forward function which did work. The only thing we've changed is the installation of the pfSense box as the Windows server died.

How do I port forward using pfSense under these conditions?

Best Answer

I think you really just need to disable NAT on the pfSense router/firewall. You simply don't need to use NAT to route or use the firewall. You can use the firewall to disallow users from accessing the ISP services, and you get the boot services that work on pfSense. This should solve the double-NAT port forwarding problem.

The pfSense documentation tells you how to disable the firewall:

Disable NAT

To completely disable NAT to have a routing-only firewall, do the following.

pfSense 2.2 And Later

  1. Navigate to Firewall > NAT on the Outbound tab
  2. Select Disable Outbound NAT rule generation (No Outbound NAT rules)
  3. Click Save
  4. Apply changes

Prior Versions

  1. Navigate to Firewall > NAT on the Outbound tab
  2. Select Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))
  3. Click Save
  4. Delete all rules from the list on the page
  5. Click Apply changes

NAT may be performed on some interfaces and not others by configuring Outbound NAT rules accordingly.

Details may be found in the pfSense book.
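A way to verify that the procedure above actually took effect, as an added example (this is not code from the original post, the answerer, or the pfSense project): the script below reads a config.xml backup, the file that Diagnostics > Backup & Restore exports, and reports the outbound NAT mode, any leftover manual outbound rules, the port forwards defined, and the LAN network that the upstream modem must be able to route to once pfSense stops translating source addresses. The element paths it uses (nat/outbound/mode, nat/outbound/rule, nat/rule, interfaces/lan) follow the pfSense 2.2+ config layout, and both sample configurations are constructed for the example. It covers both branches of the documented procedure: mode "disabled" for 2.2 and later, and manual ("advanced") mode with every rule deleted for older releases.

```python
"""Check a pfSense config.xml backup for the routing-only (NAT disabled) state.

Added example, not code from the original post or from pfSense. Reads the
config.xml that Diagnostics > Backup & Restore exports. Element paths follow
the pfSense 2.2+ layout; both sample configs below are constructed.
"""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: a default install still doing automatic outbound NAT,
# with one port forward for a web server on the LAN.
CONFIG_DEFAULT_NAT = """<?xml version="1.0"?>
<pfsense>
  <interfaces>
    <wan><if>em0</if><ipaddr>dhcp</ipaddr></wan>
    <lan><if>em1</if><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet></lan>
  </interfaces>
  <nat>
    <outbound><mode>automatic</mode></outbound>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <destination><network>wanip</network><port>443</port></destination>
      <target>192.168.1.10</target>
      <local-port>443</local-port>
      <descr>HTTPS to web server</descr>
    </rule>
  </nat>
</pfsense>
"""

# Constructed sample: the same box after the 2.2+ procedure in the answer
# (Outbound tab set to "Disable Outbound NAT rule generation").
CONFIG_NAT_DISABLED = CONFIG_DEFAULT_NAT.replace(
    "<mode>automatic</mode>", "<mode>disabled</mode>")


def outbound_nat_state(config_xml: str) -> dict:
    """Summarise the NAT-related settings of one config.xml document."""
    root = ET.fromstring(config_xml)
    outbound = root.find("./nat/outbound")
    # A config with no <outbound> block behaves like automatic mode.
    mode = "automatic" if outbound is None else outbound.findtext("mode", default="automatic")
    outbound_rules = [] if outbound is None else outbound.findall("rule")
    port_forwards = [
        (r.findtext("protocol"), r.findtext("destination/port"),
         r.findtext("target"), r.findtext("local-port"))
        for r in root.findall("./nat/rule")
    ]
    # Routing-only means mode "disabled" (2.2+), or manual/advanced mode with
    # every outbound rule deleted (the procedure for older releases).
    routing_only = mode == "disabled" or (mode == "advanced" and not outbound_rules)
    lan = root.find("./interfaces/lan")
    lan_net = None
    if lan is not None and lan.findtext("ipaddr") not in (None, "dhcp"):
        lan_net = str(ipaddress.ip_interface(
            f"{lan.findtext('ipaddr')}/{lan.findtext('subnet')}").network)
    return {
        "mode": mode,
        "outbound_rules": len(outbound_rules),
        "port_forwards": port_forwards,
        "routing_only": routing_only,
        "lan_network": lan_net,
    }


def report(config_xml: str) -> list:
    """Human-readable findings, one string per entry."""
    s = outbound_nat_state(config_xml)
    lines = [f"outbound NAT mode: {s['mode']} ({s['outbound_rules']} manual rule(s))"]
    for proto, dport, target, lport in s["port_forwards"]:
        lines.append(f"port forward: {proto}/{dport} -> {target}:{lport}")
    if s["routing_only"]:
        # With no source translation, reply packets are addressed to LAN hosts,
        # so the modem must have a route for that network via pfSense's WAN IP.
        lines.append(f"routing-only: the modem needs a route for {s['lan_network']} "
                     "via the pfSense WAN address, or replies never come back")
    else:
        lines.append("still translating: set the Outbound tab to disabled (2.2+) "
                     "or to manual with no rules (older releases)")
    return lines


if __name__ == "__main__":
    for name, cfg in (("default", CONFIG_DEFAULT_NAT), ("nat-disabled", CONFIG_NAT_DISABLED)):
        print(f"== {name} ==")
        print("\n".join(report(cfg)))
```

Run it against a real backup with `outbound_nat_state(open("config.xml").read())`; the "routing-only" line is the part worth acting on, since a modem that cannot be bridged usually also cannot be given a static route, and without that route the no-NAT setup will pass inbound connections but their replies will not find their way back.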