Port Forwarding in a double NAT environment with a pfSense firewall and Cisco 2901

I recently replaced my home modem with a Cisco 2901 router and a va-vdsl EHWIC card, and I got everything to work, but then I needed a firewall, so I acquired a pfSense firewall, which is sitting inside my 2901 network, and my 2901 gets my external ISP IP address. What do I do if I want to port forward for things like games and applications? How would I do that with two NAT environments? Is that even possible?

Jon Marshall
There is usually no problem with double NAT, as you call it, but why do you need to do that? I.e. your firewall does not have to do NAT, just allow the already translated traffic through.



I don't know how to do that in pfSense though.

And what if I want to do VLANs, what do I do then?



The pfSense does not have to do NAT if you don't want to so just do the NAT on the router and then add rules on the firewall for the translated IPs.


If you want to use vlans and route them on the LAN side of the firewall just create your vlans on your switch and make the connection to the firewall a trunk link. 


You will then need to configure vlans on the pfSense firewall. 



And then do router on a stick?


Your LAN is behind the firewall, isn't it?


If so then you use the firewall to route between your vlans not the router.
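
The single-NAT layout suggested in the thread, as an added example that is not part of the original posts. Every interface name, address and port below is an assumption made for illustration: `Dialer1` as the ISP-facing interface, `GigabitEthernet0/0` (192.168.1.1) facing the pfSense WAN at 192.168.1.2, a LAN of 192.168.10.0/24 behind pfSense, and a game host at 192.168.10.50 listening on UDP 27015.

```cisco
! --- Cisco 2901: the only device doing NAT (all values are constructed) ---
interface GigabitEthernet0/0
 description Link to pfSense WAN (assumed 192.168.1.2)
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Dialer1
 description ISP-facing interface (assumed name)
 ip nat outside
!
! pfSense no longer hides its LAN behind its WAN address, so the router
! needs a route back to that LAN through the firewall.
ip route 192.168.10.0 255.255.255.0 192.168.1.2
!
! Outbound PAT must now match the routed LAN as well as the transit subnet.
ip access-list standard NAT-INSIDE
 permit 192.168.1.0 0.0.0.255
 permit 192.168.10.0 0.0.0.255
!
ip nat inside source list NAT-INSIDE interface Dialer1 overload
!
! The port forward itself: one UDP port to one host, nothing broader.
ip nat inside source static udp 192.168.10.50 27015 interface Dialer1 27015
!
! --- pfSense side (GUI settings, listed here as comments) ---
! Firewall > NAT > Outbound: select "Disable Outbound NAT rule generation".
! Interfaces > WAN: uncheck "Block private networks and loopback addresses",
!   because the WAN now sits on the private 192.168.1.0/24 transit subnet.
! Firewall > Rules > WAN: add a pass rule, protocol UDP, source any,
!   destination 192.168.10.50, destination port 27015.
! No port forward is needed on pfSense: the packet already arrives with the
! translated destination 192.168.10.50, so a filter rule is sufficient.
```

After applying it, `show ip nat translations` on the router should list the static UDP entry, and the pfSense firewall log shows whether the forwarded packets are reaching the WAN rule.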




