"anyway my host has an ip of 192.168.2.2, pfsense is natted thru vmware, so it has a wan ip of 192.168.2.4"
How do you expect that to work exactly if there is a NAT?? You can not put same network on both sides of a NAT
What version of player/workstation are you running.. I don't believe current versions of player allow you to edit the vmnets - but you can still pick between nat and bridged. See attached image
So here is the thing if you want pfsense wan to be same network as your normal network 192.168.2.0/24 then the nic in vmware player/workstation needs to be bridged to your interface on you host machine that is connected to this network.
Now how exactly is this 192.168.10 network attached to your host machine??? This is another virtual nic in your pfsense VM.. What are the settings on that nic.. What physical nic is it attached too, or is it also Natted?
How you would normally set this up is your host would have 2 physical nics.. Your pfsense vm wan nic would be bridged to the physical nic that is connected to a network that has internet access. Now your host machine can either have binding to this nic and IP on this interface.
Or it can have its binding and connection to the hosts 2nd nic and also bridged to the physical network.. This puts the HOST behind pfsense for internet access on pfsense LAN. But if your going to have the host in front of pfsense on its WAN network then there should be NO binding on the 2nd host nic for anything other than the vmware bridging protocol – see 2nd image
If you host has connections in both of your networks both 192.168.2 and 192.168.10 and your trying to connect to its 192.168.2.2 address from a box on connected to its 192.168.10 network.. Your going to have issues.. So it answers you back from its other interface and you have what amounts to a asymmetrical routing issue
Please post up your vmware settings for your pfsense VM like my first pic. Exactly what vmware product are you using player/workstation 10,11,12 ?? And please validate what physical nics your stuff is connected to on your HOST PC.. And an ipconfig /all from your host pc wouldn't hurt either.
vmwarenetworktype.png
vmwarenetworktype.png_thumb
phsyicalnicnobindings.png
phsyicalnicnobindings.png_thumb