Need help accessing a server on a bridged interface

[innocuousmuffin]

First some background to why I'm trying to do such an odd setup.

At work, we're currently using a SonicWall TZ350 but would like to switch over to opnsense.
Right now the SonicWall is configured to have WAN on one interface, and LAN with a NAT on another interface (as one would expect). Then there's an additional interface configured to be in "Transparent IP Mode" as SonicWall refers to it. Basically, it's allowing us to have a server be assigned a public IP address directly. To me, this sounds an awful lot like a bridge, but if a bridge is the wrong way to do this, let me know.

Right now I have opnsense configured with: a physical LAN interface, physical WAN interface, physical SERVER interface, and a logical WAN_BRIDGE interface that is a bridge of the WAN and SERVER interfaces.
The WAN_BRIDGE is essentially acting as my new WAN interface, and is how everything is reaching the internet right now.

LAN still has a standard NAT and devices on that network can access the internet as nomal.
I've got a web server directly connected to the SERVER interface, and it is able to access the internet using the WAN_BRIDGE interface. I can also access the server from outside my network.

The problem I'm having right now (and I'm sure is probably something to do with an outbound NAT rule or just a firewall rule), is devices on the LAN network are unable to access the server that's connected to the WAN_BRIDGE network. Pinging the server works, but I strongly suspect that's just the opnsense firewall responding to pings.

Any help or pointers on how to access that server from LAN would be super appreciated!

[dseven]

The sonicwall feature is not a layer 2 bridge - did you read this ?

I think the issue with your current setup might be that packets going from your LAN to your SERVER network get routed directly by opnsense, and not NAT'ed, then response packets, addressed to hosts on your LAN's private IP space, get routed to your ISP, because that'd be the default gateway on your servers (?), but your ISP doesn't know where to send them.

You might be able to hack around this with NAT rules, or by configuring static routes on your servers (for your LAN IP space, pointing to the opnsense box).

I wonder if opnsense is doing any filtering for you in this configuration - your servers may be completely exposed to the internet. Bridge filtering may be possible, but may require some configuration (I've never tried)