vmbr0 without physical uplink

@life-from-scratch. It sounds like you just have a flat single VLAN network. Is that true? I think this should be pretty easy to configure, but it looks like where things are getting complicated is plugging the devices directly into your Proxmox host. What you need is a small network switch to aggregate your devices as things will probably be difficult to make work as expected plugging into the host directly. I know, especially with the small space for your lab, you are probably wanting to have as few cables as possible, but I think you will always be fighting unexpected behaviors trying to set it up this way. The Proxmox bridge isn't really designed to be a network switch in itself for physical resources. I think you would like to have a network switch with VLAN capabilities in the future as well if you want to delve into carving up your traffic even further for different traffic types, etc.

Ideally, to simplify, you could just VLAN-aware enable the bridge, and have all 4 connections backing the bridge. Then you can plug your devices into a VLAN aware switch and plumb traffic as you need from there. Let me know if you would like to continue to experiment though without a switch. I could probably set up a test host and play around with configurations from that angle.

Yes, no VLANs yet. I have a small switch already. I've messed with wiring don't remember exactly what's connected where at the moment (see cable management lol). It all works fine, I just literally have a cable with one end plugged into the network card that's passed through to PfSense and the other end plugged into the motherboard of the same machine. It just seems like since PfSense and all my VM's are connected to the virtual bridge that that physical cable shouldn't be needed. I would still have the PfSense LAN port going out to the switch.

Ah ok gotcha. Passthrough will change things a bit. With passthrough, that VM will have exclusive access to that physical device. So it makes sense that you would need to somehow tie this into your vmbr0 bridge. Without passthrough, you could have pfSense and Proxmox be able to communicate "in the box." Here is a way you could set that up.

With a few VLANs, you could carve up that traffic so that everything is switched virtually inside Proxmox between pfSense, your Proxmox host, and everything else. 

As an example, you could create:

VLAN 100 - WAN 

VLAN 200 - LAN

VLAN 300 - other traffic if needed

That way, you could plumb everything in on the pfSense side virtually. You could have a virtual interface in pfSense tagged with VLAN 100 for WAN, a second virtual interface tagged with VLAN 200 for LAN traffic, and an optional interface tagged with VLAN 300. With this configuration, you could have a single cable out of your Proxmox host into your switch on a trunk port, and then have your devices plugged into access ports tagged with the appropriate VLANs if that makes sense.

I think I understand, but not really. Why did it not work to simply set up a bridge in PfSense between the virtual interface from Proxmox and LAN? In PfSense I can make one of my physical ports into WAN and set the remaining three physical ports on that card to be LAN right? Then the extra ports are just behaving like a switch, correct? Why doesn't it work to just include the virtual interface in that bridge?

I think I'm getting what you're talking about with not passing through. I'm not trying to push the whole of my LAN through virtually. I'm only talking about providing LAN connectivity to my VM's and Proxmox GUI through the virtual interface.