Question : Routing for Web Servers/Internal Network

To increase network performance and enforce PCI compliance, I am trying to update our firewall to segment off our web servers from our internal office traffic, and I am running into a routing issue.

Our current setup is pretty straightforward. 1 port on the NIC accepts all WAN traffic, then the firewall does some NATing and maps traffic out to the LAN port and to our web hosts using a class C address (192.168 etc).

What I would like to do is stop NATing the web addresses to private ones and set up all the web servers on a 3rd NIC, but I would like to get some opinions on the best way to set this up. I assume the WAN port would stay exactly the same, but what settings (IP, gateway, DNS) would I use for the other 2 ports (private internal LAN, web servers)?

Answer : Routing for Web Servers/Internal Network

Yes, everything goes back to the firewall. But the firewall will have an address on each network, so if DMZ is 172.16.1.0 then GW is 172.16.1.1, for example, while LAN would be 192.168.1.0, so GW is 192.168.1.1.
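
The addressing scheme from the answer, as an added example that is not part of the original answer: a Python check that each host's gateway is the firewall's address on that host's own segment, and that LAN-to-DMZ traffic has to cross the firewall. The /24 masks, the function names and the sample host addresses are assumptions.

```python
import ipaddress

# Firewall interface addresses from the answer; the /24 masks are an assumption.
FIREWALL_IFACES = {
    "DMZ": ipaddress.ip_interface("172.16.1.1/24"),
    "LAN": ipaddress.ip_interface("192.168.1.1/24"),
}

def segment_of(ip):
    """Return the segment name whose network contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, iface in FIREWALL_IFACES.items():
        if addr in iface.network:
            return name
    return None

def check_host(ip, gateway):
    """Return a list of problems with a host's ip/gateway pair (empty = OK)."""
    seg = segment_of(ip)
    if seg is None:
        return [f"{ip} is not on any firewall-attached network"]
    problems = []
    iface = FIREWALL_IFACES[seg]
    addr = ipaddress.ip_address(ip)
    if addr in (iface.network.network_address, iface.network.broadcast_address):
        problems.append(f"{ip} is the network or broadcast address of {seg}")
    if addr == iface.ip:
        problems.append(f"{ip} collides with the firewall's {seg} address")
    if ipaddress.ip_address(gateway) != iface.ip:
        problems.append(f"gateway {gateway} should be {iface.ip} for {seg}")
    return problems

def path(src, dst):
    """Say whether two hosts talk directly or must cross the firewall."""
    s, d = segment_of(src), segment_of(dst)
    if s is None or d is None:
        return "unknown"
    return "direct" if s == d else f"via firewall ({s} -> {d})"

if __name__ == "__main__":
    # Constructed sample hosts, not taken from the original post.
    for ip, gw in [("172.16.1.10", "172.16.1.1"), ("172.16.1.11", "192.168.1.1")]:
        print(ip, check_host(ip, gw) or "OK")
    print(path("192.168.1.50", "172.16.1.10"))
```

A web server left pointing at the LAN gateway is reported as a misconfiguration, since that gateway is not reachable on its own segment.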