IIUC you have only one nic.
Is the red interface in a Vlan? I don’t think so, cause you only have unmanaged switches.
So the firewall is not physically present between red and green interface.
I think you created a ARP-Roulette. Please have a look at this (2nd part):
http://shorewall.net/FoolsFirewall.html
Maybe this how-to to create a dummy interface for systems that only have one nic can help you:
https://wiki.nethserver.org/doku.php?id=virtual_network_interface&s[]=dummy