Enable System IP forwarding first
echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf
Here is sample network configuration (remove comments "##") Replace your interface name, public IP, internal NAT IP
auto vmbr0
iface vmbr0 inet static
address XX.YY.ZZ.IP/AB
gateway XX.YY.ZZ.GW
bridge-ports enp0s25
bridge-stp off
bridge-fd 0
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m multiport ! --dport 22,8006 -j DNAT --to-destination 192.168.2.2
post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp -m multiport ! --dport 22,8006 -j DNAT --to-destination 192.168.2.2
post-down iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m multiport ! --dport 22,8006 -j DNAT --to-destination 192.168.2.2
post-down iptables -t nat -A PREROUTING -i vmbr0 -p udp -m multiport ! --dport 22,8006 -j DNAT --to-destination 192.168.2.2
# Host Network
#Host Network
auto vmbr1
iface vmbr1 inet static
address 192.168.2.1/24
bridge-ports none
bridge-stp off
bridge-fd 0
post-up iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j MASQUERADE
#NAT Lan
auto vmbr2
iface vmbr2 inet manual
bridge-ports none
bridge-stp off
bridge-fd 0
#pfSense LAN