What does that have to do with anything? Outbound NAT has zero to do with access to other segments.. pfSense doesn't even NAT between networks on the LAN side. It only would NAT between a LAN side interface and a WAN (one with gateway set on it directly)..
I attach my outbound NAT rules so that you can figure it out.. even if comments are in Italian :-)
192.168.10.0/24 is a subnet leading via an Ubiquiti Antenna to my house. To let this have access to the OpenVPN via the pfbox I had to create that rule.. otherwise… no result...
192.168.4.0/24 is another subnet under which I have a couple of machines that need access to the VPN as well.. so I natted it...
You could have 100's of VLANs on your switch.. Doesn't make it layer 3 routing… Did you set a SVI (Switched Virtual Interface) on these VLANs? Ie set an IP address on these VLANs?
I set 2 different virtual interfaces on the respective VLANs and gave them IP addresses, ending .1 for each subnet.
I imagined that natting was not the top, but creating the firewall rules for each interface was not enough to allow traffic, for example, from "madhouse" to "openvpn".
And actually, from the other end of the VPN I can't access "madhouse"…
The VPN tunnels in 192.168.30.0/24, and the subnet on the other hand is 192.168.0.0/24, so not conflicting with any other of the interfaces...
NAT.png