Now I like to configure a www.server with an private IP number which is reachable from public Internet (only http should be allowed). If you're using a private ip number then you cannot put the www server on the DMZ. What you need is to point the www.yourdomain to your public ip address because if you use private space the requests would never get to you. On your firewall machine do a redirect rule that redirects all requests to port 80 on the firewall to port 80 on the internal www server and put the server behind the firewall. Of course this means that you should allow connections on port 80 on your firewall. Another way to do this without redirect rules though it taxes the firewall machine is to run apache on the firewall machine and allow connections to port 80 then in your httpd.conf file I think it is normally in /etc/httpd just after document root directive add the directive ProxyPass / http://fully qualified name of your www server this name should then be put in /etc/hosts with a corresponding private ip address.