External ip to workload

We have external DNS (DnsMadeEasy), pointing an external ip to our internal firewall.

Firewall converts external IP to private IP. to 10.10.10.103.

I want to expose a “Hello-world” service on ip 10.10.10.103.

Im thinking this is the “External DNS” topic, but not sure on where to take it. I really feel like our traffic must flow through our firewall…

Thanks in advance,
GNeisler

So I understand a load balanced ingress exposes a service and I can specify a Hostname for that ingress. Foo.bar.com. So how does this ingress become accessible globally?