Seems like you are trying to use double NAT, i.e. two firewalls (DD-WRT + pfSense).
While double NAT can be made to work, in the long run it will be problematic.
You might be better off connecting pfSense directly to your ISP’s modem. Assuming you are using DD-WRT for WiFi connectivity, connect DD-WRT LAN side to pfSense LAN side and configure DD-WRT in what is commonly referred to as Access Point (AP) mode. It also makes future WiFi upgrades significantly easier since it sits behind your enterprise class pfSense firewall.
If you still have pfSense behind your existing DD-WRT router, you don’t need to enable MAC spoofing since pfSense will get a private DHCP IP address from your DD-WRT router. In fact, enabling MAC spoofing and entering a MAC that is already in use by another device will leave it unable to route traffic, as you discovered. MAC spoofing is really only necessary if your ISP ties your service to the WAN MAC address of your firewall and not the modem, and you want to avoid reprovisioning when you change firewalls.
A MAC address is unique to the hardware. A DHCP server uses the unique HW MAC address to assign an IP address which will change depending on what network you are connected to. If you want a client to have the same IP address (e.g. a server), you can either set a static IP address on the client or assign a static IP reservation in your DHCP server using the client MAC address and the desired IP address. Just make sure the static IP address is outside your DHCP server IP address pool range.
DD-WRT and other open source firmware (LEDE/OpenWrt, etc.) are good for what they do: keeping otherwise unsupported OEM consumer WiFi routers out of landfills. DD-WRT has been in perpetual alpha/beta since at least 2006. Do you really want to keep running DD-WRT as your edge firewall, or use the open source enterprise class firewall pfSense?
Thanks for your help, you clearly know more about this than the original Elvis Presley.
I understand that MAC spoofing on pfSense, when it’s already behind a DD-WRT router, is pointless. But I am confused why MAC spoofing by itself would cause it to fail? I did not use the MAC of a different network device.
I did have an IPv4 DHCP on the DD-WRT, and an IPv6 MAC that I made up. Is that the issue? How do I make up a good bullshit MAC?
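As an added example, not from this thread or from pfSense or DD-WRT themselves, here is a small Python check for the three points raised above: a DHCP static reservation must use a unique unicast MAC and an IP outside the pool range, and a made-up (spoofed) WAN MAC should be unicast, locally administered (U/L bit set in the first octet) and not already in use on the segment. The pool range, reservations and in-use MACs are constructed sample data.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$")

def norm_mac(mac):
    """Validate a MAC and normalise it to lower-case colon form."""
    if not MAC_RE.match(mac):
        raise ValueError(f"malformed MAC: {mac}")
    return mac.lower().replace("-", ":")

def mac_bits(mac):
    """Return (is_unicast, is_locally_administered) from the first octet's I/G and U/L bits."""
    first = int(norm_mac(mac).split(":")[0], 16)
    return (first & 0x01) == 0, (first & 0x02) != 0

def check_reservations(pool_start, pool_end, reservations):
    """Check static reservations: unicast MAC, unique MAC and IP, IP outside the DHCP pool."""
    problems = []
    start, end = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    seen_macs, seen_ips = set(), set()
    for mac, ip in reservations:
        m, addr = norm_mac(mac), ipaddress.ip_address(ip)
        if not mac_bits(m)[0]:
            problems.append(f"{mac}: group (multicast) bit set, not a host MAC")
        if start <= addr <= end:
            problems.append(f"{ip}: reservation lies inside pool {pool_start}-{pool_end}")
        if m in seen_macs:
            problems.append(f"{mac}: MAC reserved more than once")
        if addr in seen_ips:
            problems.append(f"{ip}: IP reserved more than once")
        seen_macs.add(m)
        seen_ips.add(addr)
    return problems

def spoof_mac_ok(candidate, macs_in_use):
    """A made-up WAN MAC must be unicast, locally administered, and unused on the segment."""
    unicast, local = mac_bits(candidate)
    return unicast and local and norm_mac(candidate) not in {norm_mac(m) for m in macs_in_use}

# Constructed sample data (hypothetical, not taken from the thread)
POOL = ("192.168.1.100", "192.168.1.199")
RESERVATIONS = [
    ("00:11:22:33:44:55", "192.168.1.10"),   # fine: outside the pool, unique
    ("00-11-22-33-44-55", "192.168.1.150"),  # same MAC again, and inside the pool
    ("01:00:5e:00:00:fb", "192.168.1.11"),   # multicast bit set, never a host MAC
]
IN_USE = ["00:11:22:33:44:55", "de:ad:be:ef:00:01"]

if __name__ == "__main__":
    for p in check_reservations(*POOL, RESERVATIONS):
        print("problem:", p)
    print(spoof_mac_ok("02:11:22:33:44:99", IN_USE))  # True: unicast, local, unused
    print(spoof_mac_ok("de:ad:be:ef:00:01", IN_USE))  # False: already on the LAN
```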