My home network diagram.

                             ((??)) = name of the machine

Using 'Bastille-Linux' for firewalls on (( GW ))  and  (( LAN  )).
port 80 is only open to the 'outside world/internet on (( GW  )).
port 80 on (( LAN  )) is open to (( NK )) and (( LK  )) only.

            --------------------------
            |       (( GW ))         |              
            |                [ ppp0 ]|<<<=== The Internet
            |                        |
            |                        |  
            |                        |      ----------------------------
            |                        |      |         (( WS  ))        |
            |                        |      |    a public WebServer    |
            |        eth1[172.16.0.1] ===>>>|eth0[172.16.0.2]          |             
            |                        |      |                          |
            |                        |      ----------------------------
            |                        |      -----------------------------|
            |                        |      |         (( LAN ))          |
            |                        |      | Webserver/Ftp Server       |
            |                        |      | accessible by              |
            |                        |      | (( NK )) and (( LK ))'only'|
            |                        |      | [2 internal hosts]         |
            |                        |      |                            |
            |                        |      |                            |
            |          eth0[10.0.0.1] ===>>>|eth0[10.0.0.2]              |             
            |                        |      |                            |
            --------------------------      |                            |
                                            |                            |
                                            |                            |
            --------------------------      |                            |
            |       (( NK  ))        |      |                            |
            |      a workstation     |      |                            |
            |     eth0[192.168.1.105]|<<<===|eth1[192.168.1.100]         |
            |                        |      |                            |
            -------------------------       |                            |
                                            |                            |
                                            |                            |
            --------------------------      |                            |
            |       (( LK ))         |      |                            |
            |      a workstation     |      |                            |
            |        eth0[172.17.0.2]|<<<===|eth1[172.17.0.1]            |
            |                        |      |                            |
            --------------------------      ------------------------------