I managed to work it out. Our setup uses separate vlans to run the management and data connections. I set the data on the bridge of course, then with a proper IP on the bridge, I used a dst-nat to get from the management IP to the IPs on the data bridge. In case anyone wants to know, here's the code...