Trunking Multiple Vlans to vFirewall

[Threeway]

Im having some difficulty trunking several vlans to a vFirewall (OPNsense). I have three servers on v700,v800,v900. Each VM is currently assigned vmbr700, vmbr800 or vmbr900; these are tagged with the corresponding vlan number. The internal firewall interface is currently vmbr1.

The gateway for each network resides on the firewall and should be a L2 trunk between the devices. I have tryed quite a few things I found with googlefu however I still an unable to get the devices to communicate. Im not sure what I'm missing. Any information is greatly appreciated.

auto vmbr1
iface vmbr1 inet manual
bridge-ports none
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
#Trunk To Firewall

auto vmbr700
iface vmbr700 inet manual
bridge-ports none
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 700

auto vmbr800
iface vmbr800 inet manual
bridge-ports none
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 800

auto vmbr900
iface vmbr900 inet manual
bridge-ports none
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 900

Note that I am not actually running Open Vswitch. I added the vSwitch on the diagram to designate L2 connectivity.

 

[spirit]

Hi,
you don't need to create 1bridge by vm. (different bridges can't forwarded between them).

Simply keep vmbr1

auto vmbr1
iface vmbr1 inet manual
    bridge-ports none
   bridge-stp off 
   bridge-fd 0
   bridge-vlan-aware yes
   bridge-vids 2-4094

(maybe add a physical interface in bridge-ports, if you want to communicate with the external world.

Then, on vm firewall nic config, don't define any vlan tag. (but define them inside opnsense, create 1itagged nterface by vlan)
on your others vm proxmox nic configuration, define the correct vlan tag. (This will tag the port of vmbr1 where the vm is connected, like a real switch).