Woops, I hit the "post" button a bit premature then.

Since this involves firewall fun like IP packet filtering, IP packet
routing, NAT etc., I would say install Shorewall. There is a 3
interface example that will do much of the work for you.