Secure network with public wifi?

[MikeATX]

My server is a Debian Etch box that acts as my firewall, web server, squid cache, DHPC server and has a large array for backing up photos and music.

I currently have a Linksys Router running DD-WRT setup as an AP on the internal nic with 63 character WPA2 Key as my only means of security

I would like to do the following while ensuring my internal network is safe and secure.

1. Provide free public wireless using a DD-WRT firmware router (Preferable utilizing the squid cache, only allowing some traffic and limit bandwidth.

2. Setup a 2nd AP for my personal use that is more secure than just WPA2 on my internal interface.

Would this require a total of 4 NICs? (ie. External, internal wired, public wireless and personal wireless)

I assume using VPN to connect to my network over the personal wireless would be a good choice for a 2nd layer of security but I'm unsure how to provide public wireless without leaving my network quite unsecure.

Currently my internal interface is 10.10.10.1 and the AP is 10.10.10.2 with dhcpd leasing .100 - .200

I'm currently using the ipkungfu package, as it seemed a safer bet than possibly leaving holes by writing my own iptables ruleset, but I assume this setup is going to require nothing less than a custom ruleset.

[iwanabeguru]

You need to create VLANs , google is your friend
how to create vlans on linux - Google Search