This is what you need to do.
#1 On the devices that you don't want to access the Internet, set them manually on the devices to use only a Static IP and a Subnet Mask.
#2 By leaving the Default Gateway and DNS Servers blank they can not access the net.
a) Unless that is: Another computer on the same LAN that has Internet Access acts a proxy server and they set their web browser to use that proxy server on the correct port of the proxy server.
b) Since the NAS most likely does not have a web browser then by leaving the Default Gateway and DNS Servers blank, then far as I know there is no work around(s) to get online.
#3 As how to do that in the PC, that will depend on the OS and Version of that PC.
For example of how to do it, on Windows XP see portforward.com -> Guides -> Configuring a Static IP Address -> Setup a Static IP address on Windows XP
#4 As how to do that on the NAS: That will depend on the brand, model, hardware version of the NAS and what firmware it has on it.
#5 I don't know for sure if your NAS will let you keep the Default Gateway and DNS Servers blank. I hope it does...--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.