Up and working with the “gateway vm” natting traffic from the internal vm and passing it correctly to my real network gateway which nats the outbound stuff as before. Packets get un-natted on return and end up back at the internal vm. A post from iwalker on this thread Firewalld/NetworkManager Internet Routing Not working in Rocky Linux 9.x - #11 by l2g was how I got nat working.
Now, just need to get dhcp and dns working with this arrangement. Not sure vmware is isolating the internal network correctly since I keep getting 192.168.0.0/24 addresses on my “internal” vm. Both 10 net virtual nics are plugged into an isolated virtual switch so this looks like a vmware issue.