quazidaniel,
First of all, to your configuration:
If you have 3 networks that have to communicate in certain ways with each other, use 3 NICs (Network Interface Cards).
This eases the script complexity. And the extra $15 investment is nothing.
This is because if they are on the same NIC, rules you do card based will apply to both networks.
In other words: If you create a drop rule for eth1 it will apply to eth1:1 too.
So you have to be very systematic writing such rules.
Dunamin is right in one thing; writing routing-scripts can be tedious.
Nevertheless the top security people get their hands dirty doing it.
This requires that you know what you are doing.
If you read the how-to I recommended and it did not tell you anything, then better look for a solution.
http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/
Maybe you are looking for a solution like
Smoothwall:
which is an open-source firewall solution based on different Linux open-source technologies.
It allows the management of up to 4 (using mods) different NICs.
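
The point about eth1 and eth1:1 sharing card-based rules, as an added example that is not part of the original post: on a shared NIC every rule has to be qualified by source subnet, and a small check can catch rules that are not. The subnets, the `eth0` uplink and the function names are assumptions made for illustration; the script only prints the iptables commands.

```shell
#!/bin/sh
# Added example (not from the post). Dry run: prints iptables commands only.
LAN_A="192.168.1.0/24"   # constructed: network on eth1
LAN_B="192.168.2.0/24"   # constructed: network on the alias eth1:1
SHARED_IF="eth1"         # the alias is the same device as far as -i/-o matching goes
WAN_IF="eth0"            # assumed uplink interface

# emit_forward SRC DST TARGET: rule between the two networks on the shared NIC,
# told apart by subnet because the interface match cannot do it.
emit_forward() {
    echo "iptables -A FORWARD -i $SHARED_IF -o $SHARED_IF -s $1 -d $2 -j $3"
}

# gen_rules: complete forwarding policy for the assumed layout.
gen_rules() {
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    emit_forward "$LAN_A" "$LAN_B" ACCEPT   # A may open connections to B
    emit_forward "$LAN_B" "$LAN_A" DROP     # B may not open connections to A
    for net in "$LAN_A" "$LAN_B"; do        # both networks may go out
        echo "iptables -A FORWARD -i $SHARED_IF -o $WAN_IF -s $net -j ACCEPT"
    done
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE"
}

# check_rule LINE: returns 1 for a rule that matches on the shared NIC without
# a source subnet, since such a rule hits both networks at once.
check_rule() {
    case "$1" in
        *"-i $SHARED_IF"*)
            case "$1" in
                *" -s "*) return 0 ;;
                *)        return 1 ;;
            esac ;;
        *) return 0 ;;
    esac
}

gen_rules
```
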