Let me explain our setup. We have interfaces 3, 4, 5 set up as a switch, with ether 3 being the master. We are doing NAT on this network and have the firewall working. This works correctly.
Interface eth 2 has a public IP range and works fine. We need to allow any traffic from the outside world to this IP range. Basically, we don't want the firewall to control this port.