WAN and Dmz Access Pb from to differents subnets behind a vpn
I have a pfsense (Soekris) with Wan, DMZ, LAN, a server on the DMZ and an other pfsense (Alix) with a LAN and a WAN.
On the Alix we have a tunnel with two remotes sites (site A and site B), the two sites must have access to the server on the DMZ on the Soekris.
Site A subnet 10.3.2.0/24, Site B subnet 10.3.3.0/24, DMZ 192.168.2.0/24, LAN 10.30.1.0/24, IP LAN Alix 10.30.1.21, IP LAN Soekris 10.30.1.20.
The Site A can do a http request to The server in the DMZ, The site B can't do it, the request reach the server but the soekris don't forward it to the LAN!
The site A can access to Internet, The site B not!!!
The static route on the soekris exists for the two sites, The OUTBOUND NAT exists for the two sites, firewall rules are the same and when we do diag we pfctl the rules are exactly the same.
If there any things I forgot?