Firewall rules for the interface you've selected (via Tab) will be applied for every
incoming (!) packet on the selected interface from the firewall's perspective. If a packet has been allowed by a rule it does
not also have to pass the rules of its destination interface.
From the m0n0wall doc: "First remember rules are processed top down, and the first match is the only rule that applies."
1. If you allow traffic from "LAN -> any" another rule for "LAN -> LAN" traffic is not necessary.
2. Rules below "LAN -> LAN" are not applying the way you think they are because packets to LAN from another interface will be handled by the rules for these interfaces
The following should be sufficient for what you want to achieve:
LAN
Proto | Source | Port | Destination | Port | Description |
* | LAN net | * | * | * | LAN -> * |
WAN
Proto | Source | Port | Destination | Port | Description |
ICMP | * | * | WAN address | * | NAT ICMP -> WAN |
DMZ
Proto | Source | Port | Destination | Port | Description |
* | DMZ net | * | * | * | DMZ -> * |
ADM
Proto | Source | Port | Destination | Port | Description |
* | ADM net | * | * | * | ADM -> * |
PPTP VPN
Proto | Source | Port | Destination | Port | Description |
* | PTTP Clients | * | * | * | PPTP -> * |
IPsec VPN
Proto | Source | Port | Destination | Port | Description |
* | * | * | * | * | Any -> * |
I don't see a reason why you might have trouble reaching WAN from ADM/DMZ. As you are logging your rules anyway could you post your firewall log? I'm not sure whether blocked packets are logged by default. You may have to add a rule below e.g. "ADM -> any" that blocks everything and logs it.