If the web server is on the same subnet that your lan is on then it's not really a DMZ. My understanding of most SOHO firewalls is that in order for a DMZ to function the participants behind the firewall should have valid _public_ IPs on the same subnet as the 'outside' port of the firewall.
If you're using NAT masquerading then you would need to segment the 'public' servers from your 'private' LAN. A screened subnet can more or less achieve that.
So your net would look something like this
Lan pool would be on 192.168.0.0
NAT dmz would be on 192.168.99.0
Note that in order for these to be effective you need to make sure that you are using forwarding rules (ie: in iptables/chains) to get in/out rather than static routes.
Have a look at
http://csrc.nist.gov/publications/ni...10/node58.html
It was the first result from a google search for 'screened subnet example'