%netstat -rn
Routing tables

Destination        Gateway            Flags    Refs      Use
Netif Expire

192.168.2      UGS         0     8209
192.168.3          link#2             UC          0        0
These routes look fishy. It shouldn't have a route for 192.168.2 cause
it's nowhere defined, so it should go through default, not through bge1.
Any chance a machine on your network has 192.168.2/24 and publishing it,
where it should be 80.242 something?
Try route delete and see if it clears.
This part is ok if you see the schema in OPs later mail.

Really? Where do you see 192.168.TWO instead of 192.168.THREE?

OK, this is the schema OP posted in a different mail, lines wrapped badly, I've repaired:

 -------------                  ---------------
¦   server    ¦     switch     ¦router/firewall¦     switch
¦¦---[(3.x/24)]---¦ ¦---[(2.x/24)]
¦¦bge1             ---------------

As you see, the routing table is from the server, the 192.168.2/24 network is behind the firewall. It must have a static route on bge1 with gateway


