I have created the above NAT Forwarding rule. It does not appear to be working, as when a host (I manually set the DNS on the host to 8.8.8.8) on that network pings a domain, TCPDump/Wireshark show that the DNS Request/Reply is bypassing the Local Unbound DNS and going directly to google.com@8.8.8.8. I have also ticked the Invert Destination Port, as most of the examples I found on other sites recommended.
I have also created Reject Rules on the Interface for TCP/UDP port 53 that should be logging, but I am not seeing those log entries either.
I also checked the Log option for the rule but am not finding any record of it in the logs.
I missed the NAT Reflection… I followed a lot of examples and not one said that NAT Reflection needed to be disabled or that the Rule that is created from the Port Forward needs to be moved up before a Pass All Rule. I have been pulling what is left of my hair out for the last two days.
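A quick way to confirm from a LAN-side capture whether the port forward is actually catching client DNS, added here as an example and not taken from the original post: it assumes tcpdump's default IPv4 output format, a hypothetical firewall/Unbound address of 192.168.1.1 and a hypothetical LAN of 192.168.1.0/24.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed tcpdump-style lines (not from the post): a mix of DNS queries
# that reached the local resolver, queries that bypassed it, and non-DNS noise.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 192.168.1.50.51234 > 8.8.8.8.53: 4321+ A? example.com. (29)
12:00:01.000500 IP 8.8.8.8.53 > 192.168.1.50.51234: 4321 1/0/0 A 93.184.216.34 (45)
12:00:02.000001 IP 192.168.1.51.40000 > 192.168.1.1.53: 1111+ A? example.org. (29)
12:00:03.000001 IP 192.168.1.52.40001 > 1.1.1.1.53: 2222+ AAAA? example.net. (31)
12:00:04.000001 IP 192.168.1.50.55555 > 93.184.216.34.443: Flags [S], seq 1, win 64240, length 0
"""

LOCAL_RESOLVER = "192.168.1.1"   # hypothetical LAN address of the box running Unbound
LAN_NETWORK = "192.168.1.0/24"   # hypothetical client network behind the rule

# tcpdump prints IPv4 endpoints as "addr.port"; pull out src/dst and ports
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)


def find_bypassing_queries(capture: str, resolver: str, lan: str):
    """Return (client, upstream) pairs for DNS requests from LAN clients that
    did not land on the local resolver, i.e. traffic the redirect rule missed."""
    lan_net = ip_network(lan)
    bypassing = []
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m or m["dport"] != "53":
            continue  # only outbound DNS requests are of interest
        if ip_address(m["src"]) not in lan_net:
            continue  # ignore the firewall's own upstream lookups, replies, etc.
        if m["dst"] == resolver:
            continue  # correctly answered by the local Unbound
        bypassing.append((m["src"], m["dst"]))
    return bypassing


if __name__ == "__main__":
    for client, upstream in find_bypassing_queries(SAMPLE_CAPTURE, LOCAL_RESOLVER, LAN_NETWORK):
        print(f"DNS from {client} bypassed {LOCAL_RESOLVER} and went to {upstream}")
```

An empty result after the rule is moved above the Pass All rule (and reflection disabled) confirms the redirect is working; anything listed is a client still reaching an outside resolver.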