Let's say I setup a BM server with 3 nics--public, private, and DMZ.
When I want to connect to a machine in the DMZ from the private network
(say a web server), does the server use NAT between them? Like this:

BM server has private ip, DMZ ip, and public

private ip connects via port 80 to DMZ Static
route connects the machine to BM server. BM server
NAT translates to:

source, high port 1024
destination, port 80.

So the DMZ machine only ever sees via NAT--and has no known
route to . . .