Not sure exactly what your question was, but:

The external DNS points whatever.yournetwork.net to your firewall. Your firewall usually takes anything that hits it at port 80 and forwards it to your internal webserver. The external DNS has no idea that the web service isn't on the firewall box itself. Same for mail. It's also possible for the firewall to parse multiple host names pointed to the same IP, and forward connections to different internal servers on that basis, but again as far as external DNS is concerned it's all running on the firewall.

The problem most of us would run into would be "reverse DNS". If somebody looks up whatever.yournetwork.net, they get your firewall address and that's fine. But if someone, or say a mail server, does a "reverse lookup" on the IP address of your firewall for authentication purposes, they're going to get something like mkc-24-131-26-190.kc.rr.com, and the auth may fail.

The only way to solve this (that I know of) is to pay the owner of the actual IP address block to list your domain in its DNS. They usually want unreasonable amounts of money for that.
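
The reverse-lookup mismatch described in the post above, as an added example that is not part of the original post: a forward-confirmed reverse DNS check run against constructed lookup tables, first with the ISP's default PTR record and then with a PTR set by the block owner. The IP address is assumed from the hostname quoted in the post, and the function names and verdict strings are illustrative.

```python
import socket

IP = "24.131.26.190"  # assumed from the PTR name quoted in the post
DOMAIN = "whatever.yournetwork.net"
ISP_NAME = "mkc-24-131-26-190.kc.rr.com"

# Constructed records: forward zone, PTR as the ISP ships it, PTR after the fix.
A_RECORDS = {DOMAIN: [IP], ISP_NAME: [IP]}
PTR_DEFAULT = {IP: [ISP_NAME]}
PTR_FIXED = {IP: [DOMAIN + "."]}

def system_ptr(ip):
    """Live PTR lookup through the system resolver."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_a(name):
    """Live forward lookup through the system resolver."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def norm(name):
    return name.rstrip(".").lower()

def fcrdns(ip, claimed, ptr_lookup=system_ptr, a_lookup=system_a):
    """Compare the name a host claims with what reverse DNS says about its IP."""
    ptr_names = [norm(n) for n in ptr_lookup(ip)]
    if not ptr_names:
        return "no-ptr", []
    # A PTR name only counts if its own forward lookup returns the same IP.
    confirmed = [n for n in ptr_names if ip in a_lookup(n)]
    if not confirmed:
        return "ptr-unconfirmed", ptr_names
    if norm(claimed) in confirmed:
        return "confirmed-match", confirmed
    return "confirmed-other-name", confirmed

def check(ptr_table, a_table=A_RECORDS):
    """Run the check for DOMAIN against constructed tables instead of live DNS."""
    return fcrdns(IP, DOMAIN, lambda ip: ptr_table.get(ip, []),
                  lambda name: a_table.get(norm(name), []))

if __name__ == "__main__":
    for label, table in [("ISP default PTR", PTR_DEFAULT),
                         ("PTR set by block owner", PTR_FIXED), ("no PTR", {})]:
        print(label, "->", check(table))
```

Calling `fcrdns(ip, name)` without the last two arguments uses the system resolver, which is how you would test a real address.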