Do not set a gateway for internal interfaces such as a LAN or DMZ.
A gateway should only be selected for externally-connected interfaces such as a WAN or a private site-to-site link.
Gateways may still be used on internal interfaces for the purpose of static routes without selecting an IPv4 Upstream Gateway here on the interfaces screen.
Accessing Port Forwards from Local Networks
By default, pfSense® software does not redirect internally connected devices to reach forwarded ports and 1:1 NAT on WAN interfaces. If a client is trying to reach a service on port 80 or 443 (or the port a web interface is using if it has been changed), the connection will hit the web interface and they will be presented with a certificate error if the GUI is running HTTPS, and a DNS rebinding error since it’s an unrecognized hostname.
NAT Reflection employs techniques to redirect these connections if required. Split DNS is usually the better way if it is possible on a network because it allows for retaining of the original source IP and avoids unnecessarily looping internal traffic through the firewall. Both are explained here.
Method 1: NAT Reflection
In order to access ports forwarded on the WAN interface from internal networks, NAT reflection must be enabled.
In order to do this, navigate to System > Advanced, Firewall/NAT tab. On that page, select Pure NAT for NAT Reflection mode for port forwards, check Enable NAT Reflection for 1:1 NAT, and check Enable automatic outbound NAT for Reflection. Click Save.
Pure NAT mode for port forward reflections uses only pf NAT rules to accomplish reflection without any external daemons. It will work with TCP, UDP, and other protocols.
NAT+Proxy mode for port forward reflection sets up a proxy daemon and rules to receive and reflect only TCP connections. This method the only available means of reflection in earlier versions of pfSense software. It can work in certain rare circumstances where Pure NAT mode does not. This will only work with single port forwards or ranges of less than 500 ports. It does not work with UDP or other protocols.