Couple points, I'm hosting customer's servers, vps's, etc so port forwarding to a private address is a bit hokey. If they pay for a public IP, they should have a public IP.
Second, I'm (clearly) very green on the networking front. My experience is as a System Engineer, not Network. So bare with me on these rookie questions
I may be NAT'ing, but for my current IP range, I don't have to enter anything in my firewall to have them work. If I stand up a new server and assign it one of my current IPs, put it in the outside VLAN, it works. I have one public IP I use for a management server that I do a bunch of NAT/PAT with. So if I need to NAT, will I NAT from the public IP to the same IP? That doesn't make sense to me.