Wee... Sorry about all the near spam and conversations with myself. I added DNAT rules that when something comes in on the LAN_IFACE for a public IP of a DMZ server, to NAT it over. That worked. - James