VLAN -> WAN -> DMZ rules or configuration help

  • Okey hopefully this it on the right area.

    I have installed pfsense 2.0.3 on a server with 4 NICs

    Some servers are on DMZ and is bridged with WAN so that the .../24 public IPs are accessible directly to the servers.
    Then on VLANS I have some customers that rents access, each with their own VLAN
    the problem I am having is that I want to config so that each and every VLAN has its own public IP (at the moment they use the IP I have set on the WAN-interface)
    and I want them to be like tunneled or routed from the VLAN out from WAN then back in again so they have to pass the WAN rules (as it is today they can access DMZ or anything on the NICs without passing the WAN rules) I can put rules on the VLAN interface but it feels like i have to add alot of rules, I know I can make interface-groups and then put all rules on that one. but then again feels like a type of routing out of WAN will be better.

    Some expertise and help is wanted

    The red line on the picture shows how they should not connect.
    The green line is how I want it to go.