When you installed Lync did you add the CSAdministrator and RTCUniversalServerAdmins to your Administrator Member Of Security group?
Without CSAdministrator you cannot log into the Control Pannel, and without RTCUniversalServerAdmins, you will have some trouble in doing some advanced powershell stuff.
See: http://blog.schertz.name/2010/09/lync2010rc-deployment-part1/
I have a similar setup to you, and here's what I'm doing and everything works:
External IP1, Port 80/TCP is NAT/PAT to Standard server port 8080/TCP
External IP1, Port 443/TCP is NAT/PAT to Standard server port 4443/TCP
Since you're not using a TMG server, your firewall must do port translation so that external requests hit the correct site in IIS on your Standard (frontend) server.
External IP2, 443/TCP, 5061/TCP, 3478/UDP, TCP/UDP 50000-59999 Static NAT to Edge server, no port translation
Firewall rules permit the Edge server to talk to the standard edition frontend server.
I'd have to go back and look at my topology, but I believe I used separate URLs and IPs for each of the different services/media. Most of the Lync headaches are in the DNS misconfigurations, sometimes it won't accept CNAMES where you need A records, and vice versa.
If you're going to have a lot of clients (more than 100) than you probably should use a TMG or "insert reverse proxy here" to protect your frontend.
The image below may help you, as will the source that drew it:
http://ucken.blogspot.com/2011/07/configuring-lync-for-external-access.html
Best Answer
The DNS requirements for Lync are listed at http://technet.microsoft.com/en-us/library/gg398758.aspx.
For your example you'd have the following in your external DNS:
_sip._tls.x.com SRV 0 0 443 sip.x.com (SRV record for automatic client logon)
_sipfederationtls._tcp.x.com SRV 0 0 5061 sip.x.com (federation SRV record)
sip.x.com A (SIP Access Public IP)
web.x.com A (Web Components Public IP)
av.x.com A (AV Public IP)