Cannot figure out multiwan with static IP block

Started by cpw, May 20, 2019, 09:37:29 PM

Background: I am trying to migrate from an old, but functional shorewall setup to using OPNsense, because I wanted to upgrade some stuff and, quite frankly, it was a headache maintaining the shorewall scripts.

So, attached is a low quality diagram sketching out my network - at least, how I want it to work, if possible. Previously, the "server" served double duty as a firewall, but I decided I wanted to move to something dedicated (I repurposed an old ZOTAC mini-PC from my legacy mythtv setup).

No matter how I configure the "DMZ", I cannot get it to route beyond OPN. The DMZ is using a /29 network, with the OPN router holding the "gateway" IP (61) and the other hosts bridged onto the VLAN. Note these are static public IP addresses, so I do not have NAT configured for the "DSL" interface (I have a NONAT rule).

Pings work from the hosts into the OPN gateway IP (61), and from OPN (61) to one of the hosts. Pings from further afield never seem to arrive on the VLAN - I've monitored it using tcpdump, and nothing arrives there. tcpdump does show the packet on the inbound firewall interface, however, so it's being invisibly swallowed by OPN somehow.

I've tried a variety of solutions (this is about the 4th design attempt as well, I've had different iterations for the DMZ itself to try and make this work).

I would really welcome suggestions to try and diagnose where on earth my packets are going. Every firewall rule is "LOGGING", but there's nothing to indicate where the packets are going.

Thanks
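The symptom described above (a packet visible on the inbound interface that never reappears on the VLAN) means the firewall either consumed the packet itself, forwarded it out a different interface, or dropped it in pf. The following is an added example, not code from the poster or from OPNsense: a small model of the routing decision the firewall makes for an inbound packet, so the topology can be sanity-checked on paper before digging through pf logs. All addresses are constructed from the documentation ranges (198.51.100.0/24, 203.0.113.0/24, 192.0.2.0/24); the real WAN address and /29 block are not on the page, and the interface names are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Interface:
    name: str
    # Addresses assigned to the interface, as "addr/prefix" strings
    addresses: List[str] = field(default_factory=list)

    def networks(self) -> List[ipaddress.IPv4Network]:
        return [ipaddress.ip_interface(a).network for a in self.addresses]

    def host_ips(self) -> List[ipaddress.IPv4Address]:
        return [ipaddress.ip_interface(a).ip for a in self.addresses]


def build_topology(dmz_block_also_on_wan: bool = False) -> List[Interface]:
    """Constructed topology (documentation-range addresses, not the poster's real IPs).

    WAN carries a point-to-point /30 from the ISP; the routed /29 sits on the DMZ
    VLAN with the firewall holding the gateway address .61, as in the post.
    With dmz_block_also_on_wan=True the same /29 is additionally configured on
    WAN, a mistake that makes the firewall own the block on two sides at once."""
    wan = Interface("WAN", ["198.51.100.10/30"])
    dmz = Interface("DMZ_VLAN", ["203.0.113.61/29"])
    lan = Interface("LAN", ["192.0.2.1/24"])
    if dmz_block_also_on_wan:
        wan.addresses.append("203.0.113.61/29")
    return [wan, dmz, lan]


def classify(dst: str, ifaces: List[Interface],
             default_iface: str = "WAN") -> Tuple[str, str]:
    """Decide where the kernel sends a packet addressed to dst.

    Returns (action, interface): 'local' if dst is one of the firewall's own
    addresses (consumed, never forwarded), otherwise 'forward' via the interface
    holding the longest matching prefix, falling back to the default route."""
    ip = ipaddress.ip_address(dst)
    for iface in ifaces:
        if ip in iface.host_ips():
            return ("local", iface.name)
    best: Optional[Tuple[int, str]] = None
    for iface in ifaces:
        for net in iface.networks():
            if ip in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, iface.name)
    return ("forward", best[1] if best else default_iface)


def overlaps(ifaces: List[Interface]) -> List[Tuple[str, str, str]]:
    """Pairs of interfaces carrying overlapping subnets.

    A routed block that is also configured on WAN gives two equal-length routes
    for the same prefix; whichever the kernel picks, traffic for the block may
    never reach the VLAN, which matches the symptom in the post."""
    found = []
    for i, a in enumerate(ifaces):
        for b in ifaces[i + 1:]:
            for na in a.networks():
                for nb in b.networks():
                    if na.overlaps(nb):
                        found.append((a.name, b.name, str(na)))
    return found


def usable_hosts(cidr: str) -> List[str]:
    """Host addresses in a block, excluding network and broadcast addresses."""
    net = ipaddress.ip_network(cidr, strict=False)
    return [str(h) for h in net.hosts()]


if __name__ == "__main__":
    topo = build_topology()
    for dst in ("203.0.113.58", "203.0.113.61", "8.8.8.8"):
        print(dst, "->", classify(dst, topo))
    print("usable DMZ hosts:", usable_hosts("203.0.113.61/29"))
    print("overlaps (bad config):", overlaps(build_topology(True)))
```

For a correctly built topology, a ping to a DMZ host should classify as a forward via the VLAN interface and `overlaps()` should be empty; if the model already says "local" or names another interface, the packet is leaving the routing decision before pf filtering and no firewall log entry will ever show it. Only once the model forwards to the VLAN does it make sense to look for a pf drop on the inbound interface.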