Hi,
great, BSD again! If you want a simple setup, you use the MT as a switch and configure a trunk between pfsense and MT, with VLAN interfaces as gateways. Then you should handle DHCP and DNS on pfsense.
Snort should be run on the WAN interface as it is known to have problems with VLANs.
It would be possible to have DHCP and DNS on MT, but then you need a firewall ruleset on the MT to control traffic between the three inside subnets. Also it would consume more CPU on the MT and less on the pfsense.
Then you need to set the gateway for those networks to the MT's IPs. Also set up a network between the MT and the pfsense like this:
Inet
|
pf 10.0.0.0/12 via 10.200.11.2
|10.200.11.1/28
|
|10.200.11.2/28
MT 0.0.0.0/0 via 10.200.10.1
|
|
10.1.0.0/24
10.2.0.0/24
10.3.0.0/24
Great opportunity to learn subnetting
BR
Woland
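
An added example, not part of the post above: a Python check for a routed plan like the one in the diagram, confirming that every static route's next hop sits on a directly connected network and that the summary route on the firewall covers each inside subnet. The dictionary layout, the function names and the `.1` addresses given to the MT on the inside subnets are assumptions; the prefixes and next hops are copied from the diagram.

```python
import ipaddress as ip

# Prefixes and next hops as drawn in the diagram. The MT's .1 addresses
# on the inside subnets are assumed; the post does not give them.
PLAN = {
    "pf": {
        "connected": ["10.200.11.1/28"],
        "routes": [("10.0.0.0/12", "10.200.11.2")],
    },
    "MT": {
        "connected": ["10.200.11.2/28", "10.1.0.1/24",
                      "10.2.0.1/24", "10.3.0.1/24"],
        "routes": [("0.0.0.0/0", "10.200.10.1")],
    },
}
INSIDE = ["10.1.0.0/24", "10.2.0.0/24", "10.3.0.0/24"]


def offlink_next_hops(plan):
    """Return (device, destination, next_hop) for each static route whose
    next hop is not inside any network the device is connected to."""
    findings = []
    for dev, cfg in plan.items():
        nets = [ip.ip_interface(a).network for a in cfg["connected"]]
        for dst, hop in cfg["routes"]:
            if not any(ip.ip_address(hop) in n for n in nets):
                findings.append((dev, dst, hop))
    return findings


def uncovered_subnets(plan, device, subnets):
    """Return the subnets that no non-default static route on `device`
    covers, i.e. traffic for them would not be sent toward the inside."""
    routes = [ip.ip_network(d) for d, _ in plan[device]["routes"]]
    specific = [r for r in routes if r.prefixlen > 0]
    return [s for s in subnets
            if not any(ip.ip_network(s).subnet_of(r) for r in specific)]


if __name__ == "__main__":
    for dev, dst, hop in offlink_next_hops(PLAN):
        print(f"{dev}: route {dst} via {hop} has no on-link next hop")
    for s in uncovered_subnets(PLAN, "pf", INSIDE):
        print(f"pf: no static route covers {s}")
```

Run against the values as drawn, the coverage check passes for all three inside subnets, and the on-link check reports the MT default route, whose next hop 10.200.10.1 is outside the 10.200.11.0/28 transit network.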