m0n0wall Forum - Consoles, WHS, MagicJack, Help with Rules

Ok I am no network guru so please be specific with your answers. That said, here is what I would like to accomplish. I have an xbox 360, ps3, wii, 2 original xboxs, a Windows Home Server (Acer EasyStore H340), a PC dedicated to running magicjack, and two regular computers (one running vista home premium and the other running ubuntu jaunty jackalope). I use the ps3 to stream videos and music from the WHS. This prevents me from placing the ps3 in the dmz because I need it on the same interface as my PCs and WHS (the PC: so I can upload new files/ the whs: so ps3 can see my videos and music). The xbox and wii can be placed in the DMZ because they do not need to access any other machines on my local network. I would like to allow the MagicJack PC to only access the internet and no other machines on the network. The two original xboxs should only be allowed local access and no internet. The two regular computers should have access to both the internet and the local network. One of my goals is to be able to have open nat for at least the xbox 360 and the wii.

WHS, 2 orginial xboxs - local only
MagicJack PC - internet only
PS3, 2 regular PCs - local and internet
Xbox 360, Wii - DMZ?

My setup is modem-->m0n0wall-->unmanaged switch--->machines
My m0n0wall has 3 interfaces available. I am currently using 2.

What should my firewall and nat rules look like? Also I would like to occasionally update the WHS so perhaps a disabled rule could be left in place and enabled when I need to update. Thanks for your help.