Well, for starters, it's a really bad idea to have a box connected directly to the Internet and your inside network, especially if you don't have a firewall in front of it. Even if IP forwarding isn't enabled, it's still dangerous since a compromise of the webserver allows the attacker to access all your internal machines. If you put another NIC in it and allow Internet access, that would be worse since you would need to turn IP forwarding on. Attackers might be able to source-route packets through the webserver into your admin net.
For information about setting up an iptables firewall, check out the resources listed here. I highly recommend setting the firewall up on a separate box. You can configure the firewall to pass the traffic for your two web server IPs back to the web server, which would sit behind the firewall.
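The layout recommended above, sketched as an added example that is not part of the original post: a shell script that emits an `iptables-restore` ruleset and sysctl settings for a separate firewall box. The interface names (`eth0` Internet, `eth1` web server segment, `eth2` inside net), the web ports 80/443, and the sample IPs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumed, not from the post: eth0 = Internet, eth1 = web
# server segment, eth2 = inside/admin net; web ports 80 and 443.
WAN_IF=eth0; DMZ_IF=eth1; LAN_IF=eth2

# Accept only dotted-quad IPv4 so nothing else can end up inside a rule.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    for octet in $1; do
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# Print a default-deny ruleset that forwards web traffic to the given IPs.
gen_rules() {
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid web server IP: $ip" >&2; return 1; }
    done
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    for ip in "$@"; do
        echo "-A FORWARD -i $WAN_IF -o $DMZ_IF -d $ip -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Inside hosts may go out; anything the web server starts toward the
    # inside net is logged, then dropped by the FORWARD policy.
    cat <<EOF
-A FORWARD -i $LAN_IF -o $WAN_IF -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $DMZ_IF -o $LAN_IF -j LOG --log-prefix "web->inside blocked: "
COMMIT
EOF
}

# Forwarding is needed on the firewall itself; source-routed packets are refused.
gen_sysctl() {
    printf '%s\n' 'net.ipv4.ip_forward = 1' \
        'net.ipv4.conf.all.accept_source_route = 0' \
        'net.ipv4.conf.default.accept_source_route = 0'
}

# Constructed sample addresses (documentation range), printed for review.
gen_rules 203.0.113.10 203.0.113.11
gen_sysctl
```

The ruleset output can be checked without loading it by piping it to `iptables-restore --test` on the firewall box.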