DMZ Bridge User

In order to pass files back and forth to machines in the DMZ, you may want to set up a DMZ bridge user. Essentially, this is a dummy user with no permissions (and no login shell) whose home directory can be accessed from the machines inside the DMZ via Samba. Machines outside of the DMZ can copy files into the bridge user's directory tree, where they are visible to DMZ machines, but nothing inside the DMZ can access any files except the ones in the bridge user's tree. Also, since the bridge user has no login shell and no permissions, even knowing the userid's password will do a bad guy no good.

Begin by updating the Samba configuration to work on the DMZ subnet.

Add userid bridge:

     /usr/sbin/useradd -c "Bridge to DMZ" -m -s /sbin/nologin bridge

Since useradd likes to put a bunch of ka-ka (the skeleton files from /etc/skel) in a regular user's home directory, we should delete all the dot files in the home dir:

     rm -f /home/bridge/.ba* /home/bridge/.em* /home/bridge/.gt*

Edit /etc/group and add the users who need to pass files to the DMZ to group bridge. This will allow those regular users to copy files into the bridge user's directory tree.

Change the permissions on /home/bridge to allow group members to read and write the directory tree:

     chmod g+rwx /home/bridge

Add a password for user bridge to Samba:

     smbpasswd -a bridge secretpassword

or, to be prompted for the password instead of putting it on the command line (where it ends up in the shell history and the process list):

     pdbedit -a -u bridge

and type secretpassword twice at the prompts.

In the Samba configuration file, add the following to every share definition except the bridge user's home directory:

     invalid users = bridge

This will exclude the bridge user from all shares except the one they are meant to see. Probably not necessary, but just in case.
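As an added example (not commands from the page), here is a POSIX shell script that writes a share definition for the bridge user and audits an smb.conf to catch any share that forgot the "invalid users = bridge" line; it also checks, from a passwd-format file, that the bridge account has no usable login shell. It runs against a constructed config in a scratch directory, so it needs neither root nor Samba. The subnet 192.168.100.0/24, the share names and the dedicated [bridge] share are assumptions; the page shares the home directory itself, so if you serve it through Samba's [homes] section, pass homes instead of bridge as the exempt share name.

```shell
#!/bin/sh
# Added example, not the page's own commands. Builds a Samba share for the
# bridge user and audits an smb.conf so every other share excludes that user.
# The subnet, share names and the explicit [bridge] share are constructed
# placeholders; "hosts allow" pins the share to the DMZ subnet.

# Print a [bridge] share definition restricted to the DMZ subnet given in $1.
bridge_share() {
    cat <<EOF
[bridge]
   comment = Bridge to DMZ
   path = /home/bridge
   valid users = bridge @bridge
   read only = no
   create mask = 0660
   directory mask = 0770
   force group = bridge
   hosts allow = $1
EOF
}

# Print the names of shares in smb.conf $1 that do NOT exclude the bridge
# user. [global] is skipped, as are the share names given as $2, $3, ...
# (the shares the bridge user is supposed to reach).
shares_missing_exclusion() {
    conf="$1"; shift
    awk -v allowed="global $*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        function report() { if (sect != "" && !(sect in skip) && !ok) print sect }
        /^[ \t]*\[/ {                       # new [section] header
            report()
            sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/][ \t]*$/, "", sect)
            ok = 0; next
        }
        /^[ \t]*invalid users[ \t]*=/ {      # does the list name "bridge"?
            v = $0; sub(/^[^=]*=[ \t]*/, "", v)
            m = split(v, u, /[ \t,]+/)
            for (i = 1; i <= m; i++) if (u[i] == "bridge") ok = 1
        }
        END { report() }
    ' "$conf"
}

# Return 0 when the config is clean, 1 otherwise (offenders go to stderr).
audit_bridge_exclusion() {
    bad=$(shares_missing_exclusion "$@")
    [ -z "$bad" ] && return 0
    echo "$bad" | sed 's/.*/share [&] does not exclude the bridge user/' >&2
    return 1
}

# Return 0 when the bridge account in passwd-format file $1 has no usable
# login shell, which is the property the whole setup relies on.
bridge_has_no_shell() {
    shell=$(awk -F: '$1 == "bridge" { print $7 }' "$1")
    case "$shell" in
        /sbin/nologin|/usr/sbin/nologin|/bin/false) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo on a constructed smb.conf and passwd file in a scratch directory.
work=$(mktemp -d)
{
    printf '[global]\n   workgroup = DMZNET\n\n'
    bridge_share 192.168.100.0/24
    printf '\n[projects]\n   path = /srv/projects\n   invalid users = bridge\n'
    printf '\n[backups]\n   path = /srv/backups\n'     # exclusion forgotten here
} > "$work/smb.conf"
printf 'root:x:0:0:root:/root:/bin/bash\n' > "$work/passwd"
printf 'bridge:x:1001:1001:Bridge to DMZ:/home/bridge:/sbin/nologin\n' >> "$work/passwd"

if audit_bridge_exclusion "$work/smb.conf" bridge; then
    echo "smb.conf: bridge user excluded from every other share"
else
    echo "smb.conf: add 'invalid users = bridge' to the shares listed above"
fi
bridge_has_no_shell "$work/passwd" && echo "passwd: bridge has no login shell"
rm -rf "$work"
```

Run it with sh; the demo config deliberately omits the exclusion from [backups], so the audit names that share. Point audit_bridge_exclusion at the real /etc/samba/smb.conf after editing it, and run testparm afterwards to have Samba check the syntax of the result.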