Subnet mask separation between 192.168.2.x, 192.168.3.x and 192.168.1.x

My current setup is following: 192.168.1.x is the main zone behind a NAT router of my internet provider

192.168.2.x is another zone, where all my devices live - they are behind another NAT router, which allows much more configuration etc. If I need to connect to any device on the 1x network, the traffic goes through the router flawlessly.

I would like to create another subnet - namely 192.168.3.x to better organise my NAS traffic and interfaces.

However, if I set up the subnet mask as 255.255.0.0, I will not be able to go through the router and access the 1.x network easily.

At this moment, I will have the default mask at 255.255.0.0, which works fine, and then I have a single machine that has hard-coded value at 255.255.255.0, which forces the 1x through the router.

I would much rather have it all work seamlessly, what would be the best course of action? I was thinking about possibly re-numbering the first network to 10.x.x.x range, which would make things simpler but is there any other, easier way that it all could be achieved?

To sum up - the main problem is, that in order to allow 192.168.2.x and 192.168.3.x addresses to communicate together, the net mask needs to be 255.255.0.0, which puts also the 192.168.1.x onto the same subnet in the eyes of the network adapters (even though it is actually a separate network). What I would like is to come up with a netmask that would include 2.x and 3.x onto the same net but exclude the 1.x. Is it possible?

the reason I am looking for subnets is that my goal is to utilise both NICs of my NAS machine, and it requires to have separate subnets for each NIC. I would then connect both of the NICs to consumer-grade switches, which means that the traffic between them would be localised, and both of those switches then are interconnected for further comms. So I need to do a simple organised network but with the two actual subnets.. making sense?

idea: machine 1 is is belong to network A, B, & C, while machine 2 is belong to network A & B but not C, and machine 3 is belong to network C.... Thus machine 2 & 3 can connect to machine 1, but not vice versa .... although that would be useless, since Window Authentiation need bi-directional connection. unless you are running at LM (not NTLM or NTLMv2), which is for win2000 & 98 ....

Thanks for all the advice! However, are you sure that it still consumes bandwidth? I always thought that after a bit of use any of the consumer-level switches builds ARP table and only routes packets relevant to a port, not everything-everywhere (talking about wired, not wifi). Therefore having two subnets on the same switch still allows for a full bandwidth within the "subnets" (same as multiple machines in the subnet communicating to one another, I do not believe that all of them share the same 1GbE bandwidth..)