Sure you can. I was in the same boat. I needed to access mail, http, ssh (not dns) in the application server, so I set up ssh port forward. All traffic went though the server located in DMZ. Manual page can be studied
here, or just do a google search for "ssh port forward"