NOT for this, but saving link. This is for multi-WAN (multiple outside IPs with failover)
This is a work in progress. I'm updating it as I do the work.
The goal here is to create a DMZ in which multiple public IPs reach internal machines via 1:1 NAT. We will build separate rule sets for groups of machines (i.e., public web servers, public mail servers, etc.), controlling which ports are available for each type of machine (you don't need port 25 open on a web server, for example).