Referring to your diagram (network modified state):
I am guessing your ISP has given you public routable IP addresses :P, I can't imagine that
they wouldn't give you RFC 1918s.
Anyway, I think you can tackle this problem like this:
Configure your layer 2 switch. For example, you want to connect Port1 of the L2 switch to the eth1
of the Linux box. From your L2 switch, configure Port1 as a trunk (dot1Q).
Create VLANs as I said in the last post, for example vlan2 and vlan3 on the switch.
On the Linux box, create the respective VLANs on eth1 (eth1.2, eth1.3) and give them private IP addresses.
It's a good idea to use different subnets for different VLANs.
Configure access ports on your switch and assign them to the VLANs you created,
for example port2 (vlan2), port3 (vlan3), etc.
Connect your client devices to the ports on the access switch, for example your laptop to port2 (your laptop is gonna be on vlan2).
Assign an IP address for your laptop from the same subnet as eth1.2 of your Linux box (the Linux box
will be working as a gateway for your internal clients). Confirm connectivity with the gateway (the IP address of the Linux box's eth1.2).
Now you should do some NAT on the Linux box to translate these internal clients to external to reach the Internet (your Linux box's eth0 is facing outside, right?) -
IPTABLES will do the trick and I am sure you will know how to.
One other thing, you can even use your Linux box to give out IP addresses to your VLAN clients using DHCP - that should be the next step, I guess.
If you still are not able to get this right, give me a PM.
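The Linux-side steps from the post above, as an added example that is not part of the original post: it prints the commands for the eth1.2/eth1.3 sub-interfaces, the NAT out of eth0, and a default-drop FORWARD policy so that enabling routing does not also let vlan2 and vlan3 reach each other. The 192.168.x.0/24 subnets are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Interface names follow the post (eth0 faces outside,
# eth1 is the dot1Q trunk); the subnets below are constructed samples.
WAN=eth0
TRUNK=eth1

# Print the commands for one VLAN: tagged sub-interface, gateway address,
# source NAT towards the WAN, and a forward rule limited to VLAN -> WAN.
vlan_cmds() {
    vid=$1; gw=$2; net=$3
    echo "ip link add link $TRUNK name $TRUNK.$vid type vlan id $vid"
    echo "ip addr add $gw dev $TRUNK.$vid"
    echo "ip link set $TRUNK.$vid up"
    echo "iptables -t nat -A POSTROUTING -s $net -o $WAN -j MASQUERADE"
    echo "iptables -A FORWARD -i $TRUNK.$vid -o $WAN -s $net -j ACCEPT"
}

# Print the full command list for the router.
router_cmds() {
    echo "ip link set $TRUNK up"
    echo "sysctl -w net.ipv4.ip_forward=1"
    # With forwarding on, the box would also route vlan2 <-> vlan3.
    # Default-drop keeps the VLANs separated unless a rule allows it.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -i $WAN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    vlan_cmds 2 192.168.2.1/24 192.168.2.0/24
    vlan_cmds 3 192.168.3.1/24 192.168.3.0/24
}

# Dry run by default; APPLY=1 (as root) executes the printed commands.
if [ "${APPLY:-0}" = 1 ]; then
    router_cmds | sh -e
else
    router_cmds
fi
```

Because no FORWARD rule names one VLAN sub-interface as input and the other as output, traffic between vlan2 and vlan3 is dropped while both can still reach the Internet through eth0.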