Netgate Discussion Forum

    No traffic past lan gateway with new setup?

      alottapuddin

      [update]  I can make an RDP connection, however cannot ping or view a mapped drive.  So, 3389 TCP works, but not ICMP or TCP 135(?).  This is inconsistent with rules and behavior before the change.

      [update2] Appears it's a Windows firewall issue on at least one target pc.  Guess I'd never attempted to map a drive over vpn.  Pretty sure I was able to ping it though?  Maybe the firewall zone on that computer changed with the physical changes below.
      …....................................
      As the title says, I can only connect to the lan gateway - no other computers on that subnet - after placing pfsense in a dmz.  I've tested this internally and externally from two devices.

      No rules have changed.  The wan rule obviously permits SSL traffic; no trouble connecting.  No lan rules deny vpn/related traffic.  OpenVPN rule is any protocol to any destination.

      The new setup is: cable->arris modem [nat/fw/routed]->(DMZ)->pfsense->unmanaged switch->target computers.
      Old setup: cable->arris modem [bridged]->pfsense->unmanaged switch->target computers.

      Reason for not bridging the new setup is that throughput is 2-4X faster directly on the arris, over wire & air respectively.  My lan gear is 100Mbps and I think that's the bottleneck(s).  My AP is 802.11g.  Speeds are: 65Mbps/50Mbps lan/wifi(n) directly on Arris, and 30Mbps lan behind pfsense and 11Mbps behind my old "g" AP.  Not ready to upgrade 3 switches and an AP, plus I want to figure this out.

      Just occurred to me… Could this be a 'double nat' issue?  Arris translates public IP to lan ip.  Pfsense translates that lan address, then... unable to connect to the 'double nat'd' computers?  I dunno.

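One way to check the Windows firewall theory from [update2] on a target PC, as an added example that is not part of the original post. It lists the firewall profile applied to each network and the remote-address scope of the enabled inbound ping/file-sharing and RDP rules. A rule scoped to `LocalSubnet` does not match clients arriving from the OpenVPN tunnel network, which is a different subnet. The English display group names are an assumption, since they are localized on other installs.

```powershell
# Added example: run in an elevated PowerShell session on the target Windows PC.
# Assumes an English-language Windows install (display group names are localized).

# 1. Firewall profile (DomainAuthenticated/Private/Public) applied to each network.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory |
    Format-Table -AutoSize

# 2. Enabled inbound allow rules for ping/file sharing and RDP,
#    together with the remote addresses each rule accepts.
$groups = 'File and Printer Sharing', 'Remote Desktop'

$report = foreach ($group in $groups) {
    Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Enabled -eq 'True' -and
            $_.Direction -eq 'Inbound' -and
            $_.Action -eq 'Allow'
        } |
        ForEach-Object {
            $addr = $_ | Get-NetFirewallAddressFilter
            $port = $_ | Get-NetFirewallPortFilter
            [pscustomobject]@{
                Group               = $group
                Rule                = $_.DisplayName
                Profile             = $_.Profile
                Protocol            = $port.Protocol
                LocalPort           = $port.LocalPort -join ','
                RemoteAddress       = $addr.RemoteAddress -join ','
                # True when the rule's scope includes the LocalSubnet keyword,
                # which excludes sources on the VPN tunnel subnet.
                ScopedToLocalSubnet = ($addr.RemoteAddress -contains 'LocalSubnet')
            }
        }
}

# Full picture, then only the rules limited to the local subnet.
$report | Sort-Object Group, Rule | Format-Table -AutoSize -Wrap
$report | Where-Object ScopedToLocalSubnet |
    Select-Object Rule, Profile, RemoteAddress |
    Format-Table -AutoSize -Wrap
```

If the ping and file-sharing rules show `LocalSubnet` while the Remote Desktop rules show `Any`, that matches the symptom of RDP working over the VPN while ping and mapped drives do not.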