in my network set up i have two pfsense machines chained in series to eachother. We'll call them pf1 and pf2

PF1 has two WAN connections: WAN1 and WAN2, and a LAN connection with ip 192.168.3.1. (LAN1) This machine serves as failover/balancer.

PF2 has 2 WAN connections : WAN3, and WAN4 with ip 192.168.3.2 (this last one being hooked to the LAN of the PF1 thus as a gateway using 192.168.3.1), and 2 LANs. (LAN2 and LAN3) One of them mapped with firewall rules to go on WAN3 and the other on WAN4.

My failover/balancing works fine and everyone has access and is happy.

Here lies my problem.

I have the webconfigurator of one machine , pf1 on the LAN1 address say port 1111
and the webconfigurator of pf2 on LAN2 address port 1111.

Since i myself am on LAN2 i wanted to be able to monitor access both panels from lan 2.

SO my logic was to start NAT'ing.

in PF1 NAT port 1111 of 192.168.3.2 (which is the pf2 WAN, and is pingable from PF1) to the port 1111 of 192.168.3.1

and then on the second machine PF2 NAT port 1111 of 192.168.3.2 on port 1112 of my lan2 address.

This way from my LAN2 network i could navigate to :

PF2 : 1111 and get my pf2 panel
PF2 : 1112 and get my pf1 panel

this, is not working. Not only the whole thing is not applying, but even on my PF1 box where is set up the following rule:

If Proto Src. addr Src. ports Dest. addr   Dest. ports NAT IP NAT Ports Description

LAN TCP/UDP * *        192.168.3.2    1111       192.168.3.1 1111

Why would my nat'ing within the same machine/network/class not work?

I hope the explanation was not too confusing.

thank you in advance