If routable addresses are not available, you
select an appropriate RFC1918 address range
edit your webserver, emailserver
add appropriate redirections
rdr on $ext_if proto tcp from any to $ext_if port $webports -> $webserver rdr on $ext_if proto tcp from any to $ext_if port $email -> $emailserver
segment off your DMZ, introduce address pools