When planning to deploy MOSS as an Internet solution, the question "can I place the database server in my internal network, instead of the DMZ" is often asked. During some wondering around the Microsoft site I ran into the following article: Plan security hardening for extranet environments:
"This article details the hardening requirements for an extranet environment in which a Microsoft Office SharePoint Server 2007 server farm is placed inside a perimeter network and content is available from the Internet or from the corporate network"
Very usefull information, but the thing I found extremely usefull was the link to the "Extranet hardening planning tool: back-to-back perimeter" This is a Visio drawing which explains which ports need to be opened when deploying components inside or outside firewalls, etc. Take your advantage of it!!!