192.168.20.0 <–--> PFSense LAN 192.168.20.212/24 |------| 192.168.70.254/24 Pfsense WAN <------> 192.168.70.0

On the 20 network I have a router also sitting on 192.168.20.254 this has a rule in it telling anything on the 20 network which tries to go to the 70 network should do so via 192.168.20.212

The 20 Network is our Main lan with 100 servers and users on it
The 70 Network is about 40 developers with thier own servers etc

I can ping across from 20 to 70
I can ping across from 70 to 20

If i run a traceroute from the 20 lan to a 70 lan IP address i get

Hop 1 = 192.168.20.254
Hop 2 = 192.168.20.212
Hop 3 = 192.168.70.20
Sucess

If i run a trace route from the 70 lan onto the 20 lan i get

Hop 1 = 192.168.70.254
Hop 2 = 192.168.20.1
Sucess

I can connect to a Windows Server on the 70 lan fine from the 20 lan using UNC

Locally on the 70 Lan All works well Intranet pages open, UNC Windows paths open..
Howver from the 70 lan i cannot open up an Intranet page, or connect to a server on the 20 lan from the 70 Lan

I have a single firewall rule in WAN and LAN which both is to PASS ANY FROM ANY TO ANY
I set the NAT to Manual in the Outbound Tab
I've got no default routes, not static routes, no gateways setup

To start with i'd like to be able to connect from the 70 network to the 20 network as well...
Once i have complete connectivity, then i'll firewall it up..

Where am I going wrong, i'm losing sleep and hair over this.. It's something stupid, and i need another set of eyes

There is no need for anything on the 70 lan to go over the router at 192.168.20.254 and get out to the internet, this is a 2 lan system, which when i have working will use firewall rules to lock down..

Can anyone please help me with this? It's Late on a sunday..