Problem with a bridged setup



  • Hello

    my first post here. So hopefully not too stupid a question :-)

    I have a setup with two subnets (192.168.199.0/24 and 192.168.200.0/24). The box where pfSense is running has three physical interfaces (wan, lan and lan1).
    The lan interface is in the 199 subnet with 192.168.199.249. lan1 and wan are bridged (br0) and homed in the 200 subnet. The wan port is connected to a switch, and my serial2lan converter (192.168.200.4) hangs off lan1. The default gateway is on the wan side.

    The problem is that the client that wants to connect to the serial2lan converter is in the 199 subnet (192.168.199.11). So I set up a static route on this client to send all traffic for the 200 subnet to the IP of pfSense on 192.168.199.249. Then I created a forwarding NAT rule on pfSense to allow all traffic from this client's IP to the IP of the serial converter.
    The forward works, but the traffic back is the problem. I can see with tcpdump that the answers from 192.168.200.4 back to my client leave on the wan interface instead of the lan interface. So answers do not come back.

    To "solve" it I tried giving an IP address to br0 (192.168.200.249), then adding this IP as a gateway and creating a route for 192.168.199.0/24 on br0 pointing to this gateway. Still the answers leave on the wan interface.
    The only thing that worked so far is to add the IP to br0 and then create an outbound NAT rule on br0 that "replaces" my client's address with the IP of br0 (192.168.200.250). Then the answers come back as expected on lan. The problem with this solution is that the original client IP gets lost, but the serial converter has access rules that need my client's IP.

    Is there any way to solve that without an outbound NAT?
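To see where the return path is actually decided, here is a small longest-prefix-match model of the topology in the post (added example, not code from the poster or from pfSense). It uses the addresses from the post; the upstream default gateway address 192.168.200.1 and the interface names are assumptions. It also goes one step beyond the post by showing how the converter's own next hop changes when the converter (not pfSense) holds a route for the 199 subnet, since the route added on pfSense's br0 never enters the converter's lookup.

```python
import ipaddress

# Addresses taken from the post; UPSTREAM_GW is an assumed placeholder.
CLIENT = "192.168.199.11"
PFSENSE_LAN = "192.168.199.249"
PFSENSE_BR0 = "192.168.200.249"
CONVERTER = "192.168.200.4"
UPSTREAM_GW = "192.168.200.1"  # assumed: the default gateway on the wan side


def lookup(table, dst):
    """Longest-prefix match over (prefix, next_hop, iface) rows.

    Returns (next_hop, iface); next_hop is None for a directly connected
    destination. Returns None when no row matches.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    return None if best is None else (best[1], best[2])


# Client table: connected 199 subnet plus the static route the poster added.
CLIENT_ROUTES = [
    ("192.168.199.0/24", None, "eth0"),
    ("192.168.200.0/24", PFSENSE_LAN, "eth0"),
]

# Converter table as described: connected 200 subnet, default via the wan side.
CONVERTER_ROUTES = [
    ("192.168.200.0/24", None, "eth0"),
    ("0.0.0.0/0", UPSTREAM_GW, "eth0"),
]

# Same table with one extra (hypothetical) route for the 199 subnet via br0.
CONVERTER_ROUTES_WITH_199 = CONVERTER_ROUTES + [
    ("192.168.199.0/24", PFSENSE_BR0, "eth0"),
]


def forward_next_hop():
    """Next hop the client picks for a packet to the converter."""
    return lookup(CLIENT_ROUTES, CONVERTER)[0]


def reply_next_hop(converter_table):
    """Next hop the converter picks for its reply to the client."""
    return lookup(converter_table, CLIENT)[0]
```

With the table as described, the reply to 192.168.199.11 matches only the default route, so it heads for the wan-side gateway and the bridge simply carries it out of wan, which is exactly what the tcpdump in the post shows.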