First off, since you're setting up such a large WAN-network, I strongly suggest to hire / get someone with proper networking experience/knowledge, as while we will try to explain it, without a proper base-knowledge, a mistake is easily made.
Secondly, why re-invent the wheel? Just install OPNSense or PFSense or any other readily-built router-software as a VM
Do you only have 1 network-port on this server?
If so, create a second linux bridge without an uplink to it, then connect both the vmbr0 and vmbr1 that you just made to this VM
On the vmbr0-port in your router-VM set it as your WAN-side with an IP out of your /24-range of IP's (For example the first one after the gateway from your ISP)
On the vmbr1-port without a VLAN put the the LAN-IP to the 192.168.1.1
Within the OPNSense (or other type) configure a port-forward for YOUR external IP to be able to access the proxmox, and also tell it to be able to receive traffic for the rest of your /24 network.
Then move the 192.168.1.2 IP of proxmox to the vmbr1, and now access your proxmox through the port-forward instead.
Finally within your VM set up VLAN's for each of the servers you will be providing internet to, a DHCP-server for each (or do it without and just provide the IP-details) and a 1:1 NAT and set that same VLAN on the network-port of each server that uses that internal IP-range.
So in the end you'll have:
WAN-IP.1 your ISP-router
WAN-IP.2 your management-access to Proxmox and the router itself
WAN-IP.3-.254 your IP's for your customers
Proxmox:
vmbr0 connected to the WAN network-port and just the router-VM, no IP for proxmox on it.
vmbr1 connected to the LAN network-port of your router, and each of your VM's behind it with a seperate VLAN-tag, as well as an IP for proxmox
Router:
Receive WAN-IP.2 for management with a port-forward to proxmox
Receive WAN-IP.3-.254 for your customers, set up as a 1:1 translation, all ports open, to each VM
An untagged LAN-port for Proxmox
A VLAN-tagged LAN/OPT port for each customer with it's own IP-range (they can NOT overlap), optionally with a DHCP-server as well.
VM:
A LAN-port tagged to a certain VLAN so it can receive/set an IP, reach the router, and from there be translated to it's dedicated WAN-IP