eth1 is plugged into a switch, eth2/3/4 are not, they're plugged into computer 'internet' ports. And yes, the entire network is on 192.168.1.0/24.
The WAN_LOCAL rule was an attempt to allow 'remote' GUI access, except those ports are forwarded to a server.
IF I wanted remote 'GUI' access, AND I wasn't forwarding those ports to a derver, that WAN_LOCAL rule would be correct? Or not?
My original post suggested that the 'eth1' network should really specify 192.168.1.0/24....
My original question was basically, how does eth1 'work'. I seemingly have defined eth1 to be on subnet 192.168.0.1, which basically doesn't exist.