I am my own reluctant sysadmin and sometimes do not take the time to understand things as well as I should, so perhaps I am overlooking something which already exists.
When I have my own firewall computer, I like the fact that it can reroute things from one side to the other based on ports etc. For a while, I had a system with dialup (low bandwidth but reasonable latency) and satellite (reasonable bandwidth but miserable latency) and it was nice to be able to route ssh over dialup and most other things over the satellite.
Is there any way to create virtual network devices which would allow this on a machine which is its own firewall? For simplicity's sake, suppose the dialup device was /dev/eth0 and the satellite was /dev/eth1. What I would like to do is create /dev/eth2 as a single device used by all programs, and have iptables rules which would steer the outbound traffic to eth0 or eth1 as appropriate. With a separate firewall computer, this is the only way you can do it, and it was easy to understand.
VPNs use tun/tap devices -- are those virtual devices of the sort I would need? Or is there some way to simply make one up?