after 2 days of failures and 401 or blank pages, i still got login prompt and never get anonymous access.
I got it.
First of all. dont change any settings on intranet,
THen make a extension on the existing one, the http header is the internet webaddress
now go to iis, give the newly showed up session anonymous access and form access.
Go to the mainly web application, give anonymous access. DONE!