Multiple servers behind 1 WAN IP all with same port. HAProxy the answer?

If port 443 is used by a web server (which it should be), then that can be proxied by any HTTP reverse proxy (like HAProxy) to the upstream servers by hostname.

Other application-specific protocols cannot be proxied through an off-the-shelf reverse proxy because the proxy needs to know details of the application protocol (cf. this post). However this ESET help article claims that the ports for “Communication between ESET Management Agent and ESET PROTECT Server” (defaulting to 2222) and “DNS resolving and MQTT fallback” (defaulting to 2223) can be changed, so working off one IPv4 address seams workable to me.