Firewall rule setup with several independent LAN networks. Howto?

Started by bongo, October 27, 2020, 08:17:49 PM

I have a setup with 1 WAN and 3 LAN interfaces. The LAN networks have to be isolated, allowing only some special packets to pass from 1 LAN to the other.

Question 1:
When I configure a firewall rule in the lan1 section, from a set of IP addresses to "any", will these IP addresses have access only to the internet (over the WAN interface) or also to other LANs?
I assume that this also allows access to other LANs. So how can I make sure that only access to the internet is allowed but the other LANs cannot be accessed?

Question 2:
I have host1 in lan1 and host2 in lan2. I need to access port 80 of host1 from host2, i.e. an access between 2 LANs.
Can I just define a rule in the lan2 section of the firewall to allow source:host2/port:any to access destination:host1/port:80?

Add-on to question 2:
Is there also a way to do a port translation so that host2 accesses port 8001 instead of port 80 (of either directly host1 or the firewall address) to end up with an access to host1/port:80?

Thank you very much for your help!