Let's say I setup a BM server with 3 nics--public, private, and DMZ.
When I want to connect to a machine in the DMZ from the private network
(say a web server), does the server use NAT between them? Like this:

BM server has private ip 192.168.1.254, DMZ ip 10.10.10.254, and public
ip 167.142.225.5

private ip 192.168.1.1 connects via port 80 to DMZ 10.10.10.1. Static
route connects the machine to 192.168.1.254--the BM server. BM server
NAT translates to:

source 10.10.10.254, high port 1024
destination 10.10.10.1, port 80.

So the DMZ machine only ever sees 10.10.10.254 via NAT--and has no known
route to 192.168.1.1 . . .

Ted