My configuration is a master on the LAN segment of a pfSense firewall, and one slave on a DMZ interface. Anything from LAN to DMZ is permitted, but DMZ has restricted access to LAN.
I'm using NAT to port forward TCP/UDP 31234, and everything behaves as expected _except_ copying from the slave and pasting to the master. Looking at a Wireshark packet capture, it seems like the slave might be initiating a TCP connection to the master on a randomized port number for the paste, which the firewall is dropping, as it's supposed to do. Copying from master to slave works fine, which I would expect since the firewall is configured to forward all traffic from the LAN interface.
Placing the master and slave on the same network segment resolves the issue, but is not an ideal solution for my usage.
Do I understand the problem correctly? Is there anything I can do to resolve?