Disable outbound NAT: go to Firewall → NAT → Outbound and select “Disable Outbound NAT rule generation”.
Set net.link.bridge.pfil_bridge from default to 1 in System → Settings → System Tunables.
Disable filtering on member interfaces by changing net.link.bridge.pfil_member from default to 0 in System → Settings → System Tunables.
Create a bridge of LAN and WAN: go to Interfaces → Other Types → Bridge, click Add and select LAN and WAN.
Go to Interfaces → Assign → Available network port, select the bridge from the list and hit +.
Add an IP address to the interface that you would like to use to manage the bridge. Go to Interfaces → [OPT1], enable the interface and fill in the IP address/netmask. (Use OPT2 if you have a 3rd NIC and have already used this for OPT1.)
Go to Interfaces → [WAN] and unselect Block private networks and Block bogon networks.
Disable the DHCP server on LAN: go to Services → DHCPv4 → [LAN] and unselect enable.
Go to Firewall → Rules and add a rule per interface to allow all traffic of any type.
Go to Firewall → Settings → Advanced and enable “Disable administration anti-lockout rule”.
Remove the IP subnets in use for LAN and WAN by changing the interface type to none. Go to Interfaces → [LAN] and Interfaces → [WAN] to do so.
If you have a dedicated NIC to manage the firewall and have added OPT2 to the bridge interface for Internet access/updates/etc., go to Firewall → OPT2 and create a rule to block OPT2 in to “this firewall”; make sure this rule is at the top of the rule list.
Or if you have a dedicated NIC to manage the firewall, disable OPT2 and add a gateway for OPT1 so that the firewall device can communicate with the Internet.
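To confirm from a shell that the steps above took effect, the following added example (not part of the original steps or of OPNsense itself) checks the two bridge tunables and counts the bridge members. The bridge name bridge0, the function names and the sample output are assumptions made for the example.

```shell
#!/bin/sh
# Added example: verify the state the steps above configure.
# Assumed input formats: `sysctl name ...` prints "name: value" lines;
# `ifconfig bridge0` prints one "member: <if> flags=..." line per member.

# Print the value of tunable $1, reading sysctl output from stdin.
tunable_value() {
    awk -v k="$1:" '$1 == k { print $2; exit }'
}

# check_bridge SYSCTL_TEXT IFCONFIG_TEXT
# Prints one finding per problem; returns 0 only when every check passes.
check_bridge() {
    sysctl_text=$1 ifconfig_text=$2 rc=0
    # Rules must be evaluated on the bridge interface itself ...
    v=$(printf '%s\n' "$sysctl_text" | tunable_value net.link.bridge.pfil_bridge)
    [ "$v" = 1 ] || { echo "pfil_bridge is '$v', expected 1"; rc=1; }
    # ... and not on the LAN/WAN member interfaces.
    v=$(printf '%s\n' "$sysctl_text" | tunable_value net.link.bridge.pfil_member)
    [ "$v" = 0 ] || { echo "pfil_member is '$v', expected 0"; rc=1; }
    # The bridge needs both LAN and WAN as members.
    n=$(printf '%s\n' "$ifconfig_text" |
        awk '$1 == "member:" { c++ } END { print c + 0 }')
    [ "$n" -ge 2 ] || { echo "bridge has $n member(s), expected 2"; rc=1; }
    return $rc
}

# Constructed sample output (not captured from a real device).
SAMPLE_SYSCTL_OK='net.link.bridge.pfil_bridge: 1
net.link.bridge.pfil_member: 0'
SAMPLE_SYSCTL_BAD='net.link.bridge.pfil_bridge: 0
net.link.bridge.pfil_member: 1'
SAMPLE_IFCONFIG='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>
	member: igb1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>'

# On the firewall (bridge0 is an assumed name), run:
#   check_bridge "$(sysctl net.link.bridge.pfil_bridge \
#       net.link.bridge.pfil_member)" "$(ifconfig bridge0)"
check_bridge "$SAMPLE_SYSCTL_OK" "$SAMPLE_IFCONFIG" && echo "sample: bridge OK"
```

Run it again after a reboot to confirm the tunables persist.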