@syorke what part are you not getting that if your rule says only 192.168.1/24 can use this interface with the lan2port subnets, how would 192.168.0.x be able to use it?

You need to allow both 192.168.1 and 192.168.0 - you can do that with a 2nd rule, you could do that with using a cidr of 192.168.0/23 you could create an alias that has both networks in it.. Or you could just make it an any with the "*" like your antilock out rule.

No you shouldn't use a modem vip I created for use on my network.. I posted up a screen shot of my outbound nats - I highlighted the part you should be looking for that downstream network to be in.

@pfuzer pfsense with pfblockergng-dev and suricata

Hi, your machines uses s.o windows ? in that case turn off the firewall each and check pin to the other machine