No traffic past LAN gateway with new setup?
[update] I can make an RDP connection, but cannot ping or view a mapped drive. So, 3389 TCP works, but not ICMP or TCP 135(?). This is inconsistent with rules and behavior before the change.
[update2] Appears it's a Windows firewall issue on at least one target PC. Guess I'd never attempted to map a drive over VPN. Pretty sure I was able to ping it though? Maybe the firewall zone on that computer changed with the physical changes below.
As the title says, I can only connect to the LAN gateway - no other computers on that subnet - after placing pfSense in a DMZ. I've tested this internally and externally from two devices.
No rules have changed. The WAN rule obviously permits SSL traffic; no trouble connecting. No LAN rules deny VPN/related traffic. OpenVPN rule is any protocol to any destination.
The new setup is: cable->Arris modem [NAT/fw/routed]->(DMZ)->pfSense->unmanaged switch->target computers.
Old setup: cable->Arris modem [bridged]->pfSense->unmanaged switch->target computers.
Reason for not bridging the new setup is that throughput is 2-4X faster directly on the Arris, over wire & air respectively. My LAN gear is 100Mbps and I think that's the bottleneck(s). My AP is 802.11g. Speeds are: 65Mbps/50Mbps LAN/Wi-Fi(n) directly on Arris, and 30Mbps LAN behind pfSense and 11Mbps behind my old "g" AP. Not ready to upgrade 3 switches and an AP, plus I want to figure this out.
Just occurred to me… Could this be a 'double NAT' issue? Arris translates public IP to LAN IP. pfSense translates that LAN address, then... unable to connect to the 'double NAT'd' computers? I dunno.