Block of 8 public IP addresses - can I pick and choose which IP maps to a port?

a4g_inatl1

I have

• a low volume email and web server.
• a USG20 VPN device in a small home/office scenario.
• a block of 8 public IP addresses, 5 usable with mask 255.255.255.248. These have been in use for years.

I plan to shutdown my current old server and have created a new email server and will separate the web server next onto it own server.

My intentions are to separate/use 2 of the IP's and use map/NAT/other way to target IP (example 192.168.200.3 and 192.168.201.5), using 2 different ports (4 and 5 on the device) for the mail and web servers. This is for security purposes. I have 1 IP for Mail and another for web.

I would probably use NAT to redirect each public or NATted IP to the port number

Questions:

1. Is it necessary to use 2 ports?
2. Is NAT the best way to separate the IP's?
3. Do I need to use NAT or can I direct the mail and web public IP's directly to the ports on the device?

TIA, Darryl.

WJS

• You can set virtual server or 1:1 NAT instead of 2 ports, Firewall will respond ARP of other public IP in this case.

• I believe it is the best way that only open necessary ports by NAT, moreover firewall can prevent some attack from internet.