I use pfsense under esxi similar to other post. But have 3 virtual nics and two real ones.
Vswitch0 is local network
vswitch1 is my FIOS connection/Wan
vswitch2 is virtual for DMZ.
Lan - le0 (vswitch0)
wam - le1 (vswitch1)
OPT2 - le2 (vswitch2) (DMZ)
OPT3 - Tun0 (openvpn to connect to lan from outside)
OPT4 - tun1 (openvpn connection to office for work)
I would think if you want to protect those other machines with pfsense. Option would be port forward or 1:1 nat
Do these machines need to have public ip? I just redirect ports to my web server and other things mainly to DMZ on inside.