this is the whole confirguration for you. it works like following, traffic from untrust zone towards to dmz zone.
with any source IP to the interface's IP address of untruse zone (fe-0/0/0) and by openning tcp port 9900 for internal http server at tcp port 80 with IP address 172.27.103.2
set interfaces fe-0/0/0 unit 0 family inet address 192.168.17.254/24
set interfaces fe-0/0/1 unit 0 family inet address 172.27.103.2/24
set routing-options static route 0.0.0.0/0 next-hop 192.168.17.250
set security nat destination pool port9900 address 172.27.103.2/32
set security nat destination pool port9900 address port 80
set security nat destination rule-set port9900 from zone untrust
set security nat destination rule-set port9900 rule 1 match source-address 0.0.0.0/0
set security nat destination rule-set port9900 rule 1 match destination-address 192.168.17.254/32
set security nat destination rule-set port9900 rule 1 match destination-port 9900
set security nat destination rule-set port9900 rule 1 then destination-nat pool port9900
set security policies from-zone untrust to-zone dmz policy permit_9900 match source-address any
set security policies from-zone untrust to-zone dmz policy permit_9900 match destination-address int-9900
set security policies from-zone untrust to-zone dmz policy permit_9900 match application junos-http
set security policies from-zone untrust to-zone dmz policy permit_9900 then permit
set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services all
set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic protocols all
set security zones security-zone dmz address-book address int-9900 172.27.103.2/32
set security zones security-zone dmz interfaces fe-0/0/1.0 host-inbound-traffic system-services all
set security zones security-zone dmz interfaces fe-0/0/1.0 host-inbound-traffic protocols all