My home network diagram.

   ((??)) = the name of the machine

1.Using Bastille-Linux firewalls on (( GW )) and (( LAN  ))
2.port 80 is only open to the 'outside world' on (( GW  ))
3.port 80 on (( LAN )) is open to (( NK )) and (( LK  )) only

--------------------------
|       (( GW ))         |              
|                [ ppp0 ]|<<<=== The Internet
|Bastille-Linux Firewall |
|                        |  
|                        |      ----------------------------
|                        |      |         (( WS  ))        |
|                        |      |    a public WebServer    |
|        eth1[172.16.0.1] ===>>>|eth0[172.16.0.2]          |             
|                        |      |                          |
|                        |      ----------------------------
|                        |      -----------------------------|
|                        |      |         (( LAN ))          |
|                        |      | Webserver/Ftp Server       |
|                        |      | accessible by              |
|                        |      | (( NK )) and (( LK ))'only'|
|                        |      | [2 internal hosts]         |
|                        |      |                            |
|                        |      |                            |
|          eth0[10.0.0.1] ===>>>|eth0[10.0.0.2]              |             
|                        |      |                            |
--------------------------      |                            |
                                |    Bastille-Linux Firewall |
                                |                            |
--------------------------      |                            |
|       (( NK  ))        |      |                            |
|      a workstation     |      |                            |
|     eth0[192.168.1.105]|<<<===|eth1[192.168.1.100]         |
|                        |      |                            |
-------------------------       |                            |
                                |                            |
                                |                            |
--------------------------      |                            |
|       (( LK ))         |      |                            |
|      a workstation     |      |                            |
|        eth0[172.17.0.2]|<<<===|eth1[172.17.0.1]            |
|                        |      |                            |
--------------------------      ------------------------------