I have a customer that has two vlans. Each vlan is configured on a Cisco
4506 core switch. The BM server also plugs into this switch; one nic for
each vlan (meaning the BM server has a total of three nics, one for vlan1
and one for vlan2 and one for the internet).

I have a deny rule in the BM server to deny traffic from vlan1 to vlan2 (I
allow vlan2 to access vlan1).

I've since added a management vlan to the 4506 and would like to enable
inter-vlan routing on the 4506 and use access lists.

Here is my problem. I added a deny rule on the BM server to deny traffic
from vlan2 to vlan1 (so I wouldn't get a loop and inter-vlan routing would
not take place). I then enabled routing on the 4506, placed two static
routes on the 4506 to route traffic from each vlan to the respective BM
nic. I then changed the client workstations' default gateway from the BM
server to the 4506, but kept the proxy address on the client (in the
browser) pointed to the respective BM nic.

Web browsing works; however, anything not using the proxy (i.e. news reader)
does not.

Not sure if this is a BM issue or a routing issue so I guess my question
is can BM work like this? I thought about replacing the two nics that
connect to the vlan1 and 2 with one nic and setting up a static route on
the 4506 to that nic only, however didn't think http proxy/authentication
would work since each vlan also contains separate Trees.

Any ideas how I can get this to work? Can I move routing to the 4506 and
off of the BM server (except for internet)?