> My goal with the bridge is to filter all traffic coming in from the
> outside world, while allowing my servers behind the bridge
> to connect freely even if their traffic has to travel out to the
> router and back (keep state?).
>
> My point of confusion is whether or not to turn on forwarding. I
> have heard arguments for both.

I have a transparent bridging firewall setup in the same configuration on 3.8. IP forwarding is not enabled and the two bridge interfaces pass traffic just fine.

Don't enable IP forwarding - you don't need it or want it, and it opens up the opportunity for misconfiguration elsewhere to break the security on your admin interface. The bridge interface will take care of all your forwarding needs.

IP forwarding is required if you want your box to route IP packets using the routing table - this is not relevant to you because your firewall interfaces do not have IP addresses. Bridging uses a MAC forwarding database to forward Ethernet frames... IP doesn't even come into it.
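
An added example, not part of the original message: a minimal Python model of the MAC forwarding database the reply describes, showing frames crossing a two-port bridge while the IP forwarding flag stays off. The class, the port names and the MAC addresses (documentation range) are constructed for illustration and are not any operating system's bridge code.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    payload: str  # opaque to the bridge; this is where an IP packet would ride

@dataclass
class Bridge:
    ports: tuple
    ip_forwarding: bool = False              # the routing knob; forward() never reads it
    fdb: dict = field(default_factory=dict)  # forwarding database: MAC -> port

    def forward(self, in_port, frame):
        """Return the list of ports the frame is transmitted on."""
        # Learn: the source MAC is reachable through the port it arrived on.
        self.fdb[frame.src_mac] = in_port
        out_port = self.fdb.get(frame.dst_mac)
        if out_port == in_port:
            return []          # destination is on the same segment: do not forward
        if out_port is not None:
            return [out_port]  # known destination: send on exactly one port
        # Unknown or broadcast destination: flood to every other port.
        return [p for p in self.ports if p != in_port]

def demo():
    """Constructed exchange between a server behind the bridge and its router."""
    br = Bridge(ports=("outside", "inside"))
    router, server = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
    results = [
        br.forward("inside", Frame(server, BROADCAST, "ARP who-has router")),
        br.forward("outside", Frame(router, server, "ARP reply")),
        br.forward("inside", Frame(server, router, "IP packet for a remote host")),
    ]
    return br, results

if __name__ == "__main__":
    bridge, sent = demo()
    print(sent, bridge.fdb, bridge.ip_forwarding)
```

The third frame carries an IP packet bound for a remote network, yet the bridge delivers it to the router purely by destination MAC; no routing table or interface address is involved.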