pfSense testing environment with builtin ethernet cable, how? (solved)

[bthoven]

I already have a standalone pfSense router box running. I intend to create a pfSense testing environment as a VM on my running Unraid box which has only one ethernet port.
What I did so far:

1. create a vlan no 2 from br0 ---> br0.2, with ip 10.0.1.2/24 (my Unraid ip is 192.168.x.x)
2. create a pfSense VM on Unraid, by using vtnet0 as WAN interface and vtnet0.2 as LAN interface. The WAN address is 192.168.x.20
3. create a LAN firewall rule to allow LAN net to access any ip/port
4. create dhcp server for LAN interface as 10.0.1.1/24
5. create a debian VM on Unraid, by using br0.2 as network and get a dhcp address 10.0.1.11 (with dns 10.0.1.2)

Status/Problem:

1. my desktop pc can't access pfSense test from my main LAN (on my production pfSense). I have to disable the test pfsense rule by command line pfctl -d
2. the test pfsense can access internet by its builtin resolver (in pfsense console, can ping 8.8.8.8 or ping google.com)
3. the debian vm can't access internet at at all. (Update: this has been solved by changing LAN interface ip from 10.0.1.2-->10.0.1.1)

Question:

1. I don't know I did it all wrong or I can just set some more firewall rules on my test pfsense to allow internet access from my debian vm (Update: this has been solved. From pfSense webui, I change LAN interface ip from 10.0.1.2 to 10.0.1.1)
2. why I can't access my pfsense test from my production LAN devices, unless I disable pfsense test config by command pfctl -d? What are additional rules I need to put on the WAN interface? (Update: I followed the article in this link and I can now access my pfsense firewall gui from my local (production) LAN: https://bobcares.com/blog/pfsense-allow-web-gui-from-wan/ )

Thanks in advance for any suggestions.

Edited October 3, 2023 by bthoven
update status

[bthoven]

After searching for solutions on internet, my problem has been solved and noted in the OP.