How internet addressing really works
Now on Wiki.NerdMage.Ca
(This is a very rough draft...)
There're 2 ways to get to a machine.
IP address & name.
But to use name, you need to have DNS set up.
Either way, there's also the port.
The port is specific to the actual service on the machine.
i.e.: port 80 is HTTP, port 443 is HTTPS, port 22 is SSH...
When your entire network is on a single address as far as the outside world is concerned, you have a couple options to access individual machines.
You can forward specific ports to specific machines (probably with a bit of fiddling in Firewall/NAT on your pfSense box...) or you can set up proxies.
Port forwarding is pretty straightforward, but you need to remember how you've set up the ports.
A good example of how this can work is my general habit of forwarding a port outside the range of Well-Known TCP Ports to SSH on any of my internal machines that I may want to access while away from my own network.
As an example, I have a machine on my network at 192.168.0.99 (Not an address accessible to the outside world) & I'd like access to it while away. I go into Firewall/NAT on my pfSense box & forward port 52099 to this address & translate the port number to 22 (SSH). This gives me the ability to SSH into the machine pretty much anywhere I may be as long as I have internet access.
You can do the same for any service. You could port 52080 to an internal machine at port 80 (http), but you'll have to remember to add
:52080 to the machine name or IP address when accessing it from outside. (i.e.:
Generally, when speaking of proxies, we're talking about web browser access.
(Not always tho... But that's a deeper discussion.)
Web proxies are handled by your main web server. Take a look at Proxy Server Notes for some useful details on how this works.