Hi, I'm wondering if anyone's got any suggestions for me. I manage a small office network where I'm also a software developer (which is my main job). I used to be a network admin, but it was a much larger network with a lot bigger budget (we had a T1). This needs to be done pretty inexpensively.
Currently we have a DSL (Qwest with their Actiontec modem) connection coming into a Linksys workgroup router with QoS which we use to prioritize our IP phone traffic. The phones have non-routable (NAT) IPs and they seem to do fine like that.
On one switch segment we have a Firebox SOHO 6tc firewall appliance connecting to a standard 10/100/1000 switch which connects to the PCs and servers.
We're using NAT and have one public IP address with various ports forwarded from the firewall, which is in the DSL modem's DMZ.
Now we'd like to get a block of 5 or 7 public IPs and assign those to some of the PCs and servers. We have a testbed with a bunch of PCs that don't need public IPs.
So inside the firewall I think I'm going to need two networks, one with the public IPs and one with NAT. I don't know for sure but I suspect my firewall may not support that, at least not without putting another router in. I also have doubts about my Linksys switch being able to support public IPs.
So does anyone have any knowledge or suggestions on a firewall appliance that would support two internal networks (one NAT and one with "real" IPs)? If not an appliance, should I go with some kind of Linux solution? I know that's the cheapest, but I need this to be low maintenance and easy to manage. Also, if I've come to the wrong conclusion (that I need two internal networks) then please point out the flaw in my logic.
I'm thinking I may be able to use the DSL modem's QoS so I could get rid of the Linksys switch or use it to create my NAT'd internal network for the testbed.