Regular rule doesn't allow traffic, but floating rule does

Started by Skye, January 30, 2025, 09:33:41 AM

Hello,

I am new to OPNsense and having trouble understanding the firewall rules.  I am attaching a network diagram of my network layout.

If I try to ping from the VPS to the nginx box (ping 10.10.20.2), it only works if I create a floating any rule. Even if I create any rules for each interface (in + out), it does not work until I create a floating rule. (It also works if I shut down the packet filter from the command line (pfctl -d).)

Looking at the logs, they look pretty similar between each.  I can see the ping coming in and traversing the NAT in both cases, but I don't see it going back out again even though I have logging turned on for all rules.

I was hoping someone could help me understand what's going on here?

Thank you,
Skye

(See following posts for attachments since I can't fit them all on one)