Not necessarily. Cable modems are nothing more than a bridge and do no routing.
I can think of many uses of a block of IPs that don't require mail services.
There are a few of ways to do it:
- ARP the additional IPs on the firewall so all IPs come back to it.
- Have the ISP add a static route pointing at your firewall. Since you are paying for static IPs, I'm guessing they would work with you on this.
I'm not sure the AEBS would like either of those options, but a Cisco ASA or Check Point firewall would be okay with it. A Cisco ASA 5505 can be purchased for about $1,000. You can even get them with SSL VPN licenses so you don't need to manage a VPN client.
The third option is to use a different outside port for each of those services:
A. Port 8080 for DVR A
B. Port 8081 for DVR B
C. Port 80 for your web site (assuming this is sitting on the OS X server)
... and so forth.
Either way, it would be prefereable to have all devices behind a firewall that can detect malicious traffic, especially for a business. Exposing your security DVRs is quite a risk to take, as most security camera systems are not that hardened.
A fairly simple solution would be to put a firewall in and have the users who need access to restricted services connect via VPN.
