Captive portal and port forward/NAT

  • I'm quite confident this is my fault but I'd like to confirm as I'm quite new to pfSense. I switched over 3 days ago from DD-WRT because pfSense just seemed a little easier and more flexible when it comes to web filtering.

    All the clients on my home network are assigned static leases, and I've set up a captive portal as an added security measure because anything on a DHCP lease in my network is not mine.

    I've taken the MACs from my static lease clients and set most of them as pass-through, with the exception of a couple of Windows servers that no one has any business surfing the web on. However, one of them I have a NAT/Firewall rule to forward RDP to, which was working 20 minutes ago but stopped, and I have a feeling it's because that system is not on the allowed list and it reached the 60 minute timeout.

    Am I correct to assume this should be expected and that I should allow that system to pass through the captive portal?

  • Rebel Alliance Developer Netgate

    CP is blocking access to the port forward – it blocks inbound and outbound.

    You could add an "allowed IP address" entry for it but using only the "to" direction, then things can reach it from outside, but it can't get out itself.