I'm trying to build a firewall with one card open to a DMZ.

But I'm unclear on how exactly to do this.

Do I start by forwarding all incoming requests on port 80 to my
internal DMZ machine and then masq all outgoing traffic (as I do
with all the networks)?

Is that how it works?

