NAT filter rule association
I have a question regarding NAT filter rules. I have inherited a system of VMs. One of the VMs is a pfsense server. Based on the incoming port of the request it applies a NAT rule. This redirects to another set of pfsense servers, which filter the traffic to the correct VM. This is all to direct RDP to the right VM based on the initially provided port.
When I connect from the subnet the pfsense server is in the rules work correctly. However, we also have a public facing IP. The external firewall of my institution(not under my control), forwards all traffic from this IP to the pfsense server. Now we come to the part I dont understand. If in my main pfsense server NAT rules I select NAT filter rule association to none, then the rule works. If I set it to "pass" the rules fail to work for external connections, internal subnet connections work fine.
I do not understand what the issue is. If I select pass, it should simply pass and the rdr phase should kick in right? To me that seems more likely to work than selecting none, but none is what goes through.
If you can, please help me understand why my fix works.