I have an ASA5505 with 3 interfaces configured: inside, outside, and DMZ. I want the DMZ to be able to access the internet through the outside interface, but not have any access to the inside interface. I've got a device on the DMZ network that needs to have ports 1008, 1009, 1018, and 2000 open for outside access, and the same device also needs internet access.
My config is at: http://stevenhuey.net/cisco/config.txt
I think I have the NAT and ACLs correct for opening the ports; however, DNS queries from the DMZ are blocked and aren't working.