I have thought more about this, and I am fairly sure that I will have to use a L3 (i.e. routed) setup. The reason for this is that I’m trying to use a VM as the bridge, this would be fine if:
– all of the traffic came from the same virtual switch as the Zeroshell VM AND
– I could enable promiscuous mode on the virtual switch port and virtual NIC of the Zeroshell VM
However some of the traffic comes from the physical LAN, hence same VLAN but seperate switch, and I think that promiscuous mode is disabled by default in VMware ESX.
What is required to change from a bridged to a routed configuration?