On my first try I simply used a third, intermediate network that was routed to Network 1, and connected the NAT box in between it and the untrusted network.
ASCII Art 2: Attempt 1
    Network 1
    192.168.150.0 (Corp)
          |
        Router
          |
    Network 2
    192.168.180.0 (Intermediate)
          |
    NAT BOX
      eth0 192.168.180.180
      eth1 192.168.150.180
          |
    Network 3
    192.168.150.0 (Untrusted Network)
Using a combination of Destination NAT mappings and a Source NAT remapping, this was a partial success: I could reach everything on Network 3 from any network that wasn't Network 1. Why? The local routing policy on the NAT box.
The local routing policy on a normal Linux system is usually:

    1. the local table: addresses belonging to the host itself
    2. the main table: directly connected networks and static routes, with the longest matching prefix winning
    3. the default route, which only matches when nothing more specific does

In that order. A directly connected /24 therefore always beats the default route towards the router. So since the NAT box was directly connected to 192.168.150.0/24 on eth1, every packet for a 192.168.150.x address, including one for a host on Network 1, was pushed out onto Network 3; there was no way for the NAT box to talk to Network 1 since it was technically already directly connected to it, or at least to its doppelganger. I'm sure there's some way to overcome this using Alexey's ip utility (the iproute2 policy routing tables and rules) but I did not look into this further.
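As an added worked example (not part of the original post), the following Python model reproduces the route selection of the NAT box in Attempt 1: a longest-prefix lookup over the main table, and in front of it a policy rule that sends firewall-marked packets to a second table. The interfaces and prefixes come from the diagram above; the router's address on the intermediate network (192.168.180.1), the table number 100 and the rule priority are assumptions, as is the fwmark rule itself, which is one way of overcoming the problem rather than anything the post implemented.

```python
import ipaddress

# Constructed model of the NAT box in "Attempt 1". Interfaces and networks come
# from the diagram; the router's address on the intermediate network
# (192.168.180.1) is an assumption, the post does not give it.
ROUTER = "192.168.180.1"

# The kernel's main table: (prefix, gateway or None if directly connected, iface).
MAIN = [
    ("192.168.180.0/24", None, "eth0"),   # connected: Network 2 (intermediate)
    ("192.168.150.0/24", None, "eth1"),   # connected: Network 3 (untrusted)
    ("0.0.0.0/0", ROUTER, "eth0"),        # default route via the router
]

# An extra table (number 100 here, arbitrary) that sends 192.168.150.0/24 towards
# the router, i.e. towards the *other* 192.168.150.0 (Network 1). Equivalent to:
#   ip route add 192.168.150.0/24 via 192.168.180.1 dev eth0 table 100
TABLE_100 = [("192.168.150.0/24", ROUTER, "eth0")]

TABLES = {"main": MAIN, "100": TABLE_100}

# Policy rules, lowest priority number consulted first. The fwmark rule is the
# policy-routing fix the post alludes to but does not implement; equivalent to:
#   ip rule add fwmark 1 table 100     (priority 100 chosen arbitrarily)
# The main table keeps its usual priority of 32766.
RULES = [
    (100, {"fwmark": 1}, "100"),
    (32766, {}, "main"),
]


def lookup(table, dst):
    """Longest-prefix match inside one table, the way the kernel FIB resolves a
    destination. Returns (gateway, iface); gateway is None for a connected route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, dev in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, dev)
    return None if best is None else (best[1], best[2])


def route(dst, fwmark=0):
    """Policy routing: walk the rules in priority order and use the first table
    that holds a matching route. Unmarked packets never see table 100."""
    for _prio, selector, name in sorted(RULES, key=lambda r: r[0]):
        if "fwmark" in selector and selector["fwmark"] != fwmark:
            continue
        hit = lookup(TABLES[name], dst)
        if hit is not None:
            return hit
    return None


def reply_egress(client, fwmark=0):
    """Interface the NAT box picks for a reply once conntrack has undone the
    DNAT/SNAT, i.e. once the destination is the original client address again."""
    _gw, dev = route(client, fwmark)
    return dev


if __name__ == "__main__":
    # A Network 3 host is reached directly on eth1, as intended.
    print("192.168.150.50 (Network 3) ->", route("192.168.150.50"))
    # A Network 1 host shares the prefix, so the connected route on eth1 wins:
    # the reply to a Corp client is pushed onto the untrusted network and lost.
    print("192.168.150.10 (Corp) ->", route("192.168.150.10"))
    # With the connection marked, the fwmark rule steers it to the router instead.
    print("192.168.150.10 (Corp), fwmark 1 ->", route("192.168.150.10", fwmark=1))
```

In the model the reply to a Corp client at 192.168.150.10 leaves on eth1 unless the packet carries mark 1, in which case table 100 sends it to the router on eth0. On a real box the mark would come from conntrack, for example `iptables -t mangle -A PREROUTING -i eth0 -j CONNMARK --set-mark 1` to tag connections that arrived from the intermediate network and `iptables -t mangle -A PREROUTING -i eth1 -j CONNMARK --restore-mark` to copy that tag onto the replies; `--set-mark` only marks the connection, so the DNAT'd forward packet itself stays unmarked and still uses the main table to reach Network 3. One further check a practitioner will want: with strict reverse-path filtering (`rp_filter=1`) the incoming packet from the Corp client fails for the same reason, since the best route for its source address points at eth1 rather than eth0, so that setting needs loosening on eth0 as well.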