The network you have seems to me to be unneccessarily complex and difficult to maintain. For the cost of an extra NIC in the OpenBSD server you can have a system which is much easier to control and maintain - and - I suspect - more secure as there is only 1 possible path onto the Internet for the Wireless router.
What I propose a solution along the following lines: (Excuse the very quick diagram)
The idea here is to have the OpenBSD box handling all the routing for everything.
Disable DHCP on the Wifi router (actually disable everything, turn it into an Access Point), and run DHCP on the OpenBSD server for both the Protected and Guest Interfaces.
Put each Interface on a seperate subnet (for example 192.168.100.0/24 and 192.168.101.0/24), so that in order for the unprotected stuff to communicate with the protected stuff (or the world) it needs to go through the OpenBSD server.
Do firewalling on the OpenBSD router to prevent unwanted communication.
You can do policy routing if, for example, you want the Wifi router to only use one of the 2 modems). Of-course, depending on your Link aggregation router you may have some work to do there - or indeed, you may want to get rid of it altogether and set your OpenBSD box to do the aggregation routing.
I note that I put the printer behind the Wifi Router = unprotected network. This makes the protected network more secure as it means that you don't need to allow connections from the unprotected network into the protected network. The flip side is it makes setting up printers on the protected network a bit harder as they won't be able to scan the subnet. The alternative would be to put the printers in the protected network and allow the unprotected network to access the printer through the firewall.
I note that I've done this using an additional Network card in the OpenBSD server. An alternative solution if your printer is VLAN cpabale would be to keep with 2 nic, and then use VLANS on the switch to designate each network. This makes management easier and requires less hardware - but does make the assumption that VLANS are secure - an assumption which is open to question. If you go this route, and have a fancy printer, you may be able to make the printer accessible through both VLANS so it is easy to install - but this will depend on the printer and may not be practical.
(I greatly prefer the VLAN solution, BTW - Also, while I have done pretty much all of this, I've never used OpenBSD seriously - my solutions are all Linux based)
It may be useful to provide a diagram and explanation of what you are trying to do. Can you confirm you want to have a LAN with Internet access, in addition to Wireless connection on a network which is publicly accessible but should not be able to access the private subnet? Also - how many interfaces are there on your OpenBSD machine, and what can you tell us about the Wireless router (ie make, model, can you log into it or is it ISP equipment ?) [ There are at least 2 solutions to this problem, assuming I understand it correctly ] – davidgo – 2015-11-09T01:07:58.287
Thanks for the reply, @davidgo. I've updated my question and added a network diagram. – Hyshka – 2015-11-09T04:05:06.243