Bug #4765
NAT Reflection (Pure NAT) rules not set up for traffic originating from same subnet as final destination
Status: Closed
Description
On "System: Advanced: Firewall and NAT", in the "Network Address Translation" section, the checkbox labeled "Automatically create outbound NAT rules which assist inbound NAT rules that direct traffic back out to the same subnet it originated from." is not working. pfSense is not adding the necessary "nat-to" rule, as described here: http://www.openbsd.org/faq/pf/rdr.html#reflect .
I have looked at the output of pfctl -s nat to confirm that pfSense essentially just copies the WAN's rule over to my other interfaces. I have tried both enabling Pure NAT on a NAT rule and enabling it globally (up above the checkbox mentioned in the above paragraph). Both yield identical results from pfctl. No "rdr ... nat-to" rule shows up to fix the source address+port, so same-subnet NAT reflection doesn't work. NAT'ing across subnets works fine, though.
I have also searched "/etc/inc/filter.inc" in pfSense, and I cannot find any code that would appear to implement such functionality. I found the spot that creates the rules that pfSense generates now, however: lines 2099 through 2104. There's nothing in there to create the necessary rule to fully implement the functionality promised by the previously-mentioned checkbox. (Personally, I'm not sure why one would have a checkbox for such functionality; it seems like you don't have complete NAT Reflection without it working from the same subnet.)
If more details are desired, I have more from when I tried my luck in the forums: https://forum.pfsense.org/index.php?topic=94881.0 Unfortunately, no one there knows enough to help.
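For readers who want to see the rule pair the report is talking about, here is an added pf.conf fragment following the reflection technique in the linked OpenBSD FAQ. It is an illustration written for this page, not code from the bug report, from pfSense's filter.inc, or from the pfSense-generated ruleset; the interface names, the internal network and the server address are assumed values.

```pf
# Added example: PF NAT reflection for a client on the same subnet as the server.
# Assumed (constructed) names and addresses, not taken from the bug report:
ext_if  = "em0"
int_if  = "em1"
int_net = "192.168.1.0/24"
server  = "192.168.1.40"

# Ordinary inbound port forward from the internet. Works for external clients,
# but a LAN client connecting to the WAN address never matches it.
pass in on $ext_if proto tcp from any to ($ext_if) port 80 rdr-to $server

# Reflection, step 1: redirect LAN clients that connect to the WAN address.
# On its own this only rewrites the destination; the server still sees the
# client's real source address.
pass in on $int_if proto tcp from $int_net to ($ext_if) port 80 rdr-to $server

# Reflection, step 2: rewrite the source address to the firewall's internal
# address so the server replies to the firewall, which un-NATs both ways.
# Without this rule the server answers the client directly across the subnet;
# the reply then comes from $server instead of the WAN address the client
# connected to, and the client's TCP stack discards it.
pass out on $int_if proto tcp to $server port 80 received-on $int_if nat-to ($int_if)

# The same pair in the pre-OpenBSD-4.7 syntax that FreeBSD's pf (and hence
# pfSense at the time of this report) understands:
#   rdr on $int_if proto tcp from $int_net to ($ext_if) port 80 -> $server
#   nat on $int_if proto tcp from $int_net to $server port 80 -> ($int_if)
```

To check what a running system actually loaded, compare `pfctl -s nat` against the pair above: a ruleset that contains only the `rdr` (or `rdr-to`) line for the internal interface, with no matching `nat` (or `nat-to`) line toward `$server`, is the condition the report describes, and the symptom is that cross-subnet reflection works while same-subnet reflection times out.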