I ran a system that had two NICs: one connected to the internet, the other to the lan. I needed to SSH in from machines on the internet, and also from other machines on the lan. Of course, I wanted different policies for these two connections.
The simplest way was to run two SSH daemons, one for each interface. Here's how I set it up on a Redhat-style Linux server system, such as RHEL, CentOS, and Scientific Linux. The file paths and start-up procedures will be different for other distros.
THE FOLLOWING IS OFFERED WITHOUT WARRANTY OF ANY KIND. THIS IS WHAT I DID, BUT YOU MAY NEED TO DO SOMETHING DIFFERENT. YOU ARE RESPONSIBLE FOR ALL CHANGES TO YOUR SYSTEM. IF IT BREAKS, YOU GET TO FIX IT.
The instructions differ depending on whether the distro uses SysV Init (RHEL6 and earlier) or Systemd (RHEL7).