Okay.
Let's draw a map:

A == 192.168.4.0/24 network
B == 192.168.0.0/24 network
C == 192.168.1.0/24 network
X == Novell Server
Y == Linux Server
Z == DSL Modem (assuming pppoe)
g h i == machines on Network A
l m n == machines on Network B
----A----[X]----B----[Y]----C----[Z]----
|  |  |      |  |  |
|  |  |      |  |  \--[n] Yes Internet
|  |  |      |  |
|  |  |      |  \--[m] Yes Internet
|  |  |      |
|  |  |      \--[l] Yes Internet
|  |  |
|  |  \--[i] No Internet
|  |
|  \--[h] No Internet
|
\--[g] No Internet
  1. Can [Y] ping the (192.168.4.1) address of [X]?
  2. Can [g,h,i] contact any machine on Network B using TCP/IP only (not NCP operations)? (ping etc...)
  3. Can [l,m,n] contact any machine on Network A using TCP/IP only (not NCP operations)? (ping etc...)


If the answers are:
1. Yes
2. No
3. No
My dear friend... you are barking up the wrong tree (nice pun there, huh?). It is NOT the Linux machine causing the difficulty. You need to add something to the Novell Server. Add routes or start a RIP (v1 or v2) daemon (not that hard) on the Novell server and the Linux machine (limiting the Linux machine to just what it sees on the private interface) and adding a default route to the Linux machine to point at the DSL modem. Forcing a default route on the Novell server is a HACK. Will work but isn't going to allow the Network B to contact Network A if need be. Also do not start an OSPF or BGP daemon... WAY overkill and not friendly for first-timers.

Limit the scope on the Novell server to those two networks and the default advertising on the A network. Make the Linux machine advertise default on the B network.

Do not advertise on the DSL side... for your own benefit.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey

Give a man a match, he'll be warm for a minute.
Set him on fire, he'll be warm for the rest of his life!
Reverse the answers
1. No. Y cannot ping 192.168.4.1; "Operation not permitted" is returned
2. Yes. [g,h,i] can ping Network B
3. Yes. [l,m,n] can ping Network A

Added
Everyone on Network B can reach Z
Nobody on Network A can reach Z
Then it has to be packet rejection on the Linux machine
Spoofing protection (IOW allowed clients on the private side) on the outgoing is forcing things not right.

Or, to put it another way:

Making sure who you are and who you claim to be are the same thing. From an ARP perspective and packet mangling. Usually an "interface rule"

--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey

Give a man a match, he'll be warm for a minute.
Set him on fire, he'll be warm for the rest of his life!
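
An added example, not part of the thread or any poster's configuration: a small Python model of the anti-spoofing "interface rule" on [Y] described above, evaluated against the thread's two private networks. The host addresses, the "priv" interface label, the rule semantics, and the assumption that [X] forwards Network A traffic without NAT are all illustrative assumptions.

```python
import ipaddress

# Networks from the thread's map.
NET_A = ipaddress.ip_network("192.168.4.0/24")  # behind the Novell server [X]
NET_B = ipaddress.ip_network("192.168.0.0/24")  # between [X] and [Y]

def check(packet, allowed_private):
    """Hypothetical anti-spoofing rule on [Y]'s private (Network B) interface.

    packet = (direction, interface, src, dst). Returns "ACCEPT" or "DROP".
    """
    direction, iface, src, dst = packet
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if iface != "priv":
        return "ACCEPT"  # only the private-side rule is modelled here
    # Inbound: the source must be a declared private-side client.
    # Outbound: the destination must be a declared private-side client.
    # A filter drop on locally generated traffic is what a sender on [Y]
    # sees as "Operation not permitted", the symptom reported in the thread.
    peer = src if direction == "in" else dst
    return "ACCEPT" if any(peer in net for net in allowed_private) else "DROP"

# Constructed sample traffic; host addresses are made up for illustration.
SAMPLES = {
    "l -> Internet via Y": ("in", "priv", "192.168.0.10", "203.0.113.5"),
    "g -> Internet via X, Y": ("in", "priv", "192.168.4.10", "203.0.113.5"),
    "Y pings X's A-side address": ("out", "priv", "192.168.0.2", "192.168.4.1"),
}

def evaluate(allowed_private):
    """Return the verdict for every sample packet under the given client list."""
    return {name: check(pkt, allowed_private) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for label, nets in (("clients = B only", [NET_B]),
                        ("clients = A and B", [NET_A, NET_B])):
        print(label)
        for name, verdict in evaluate(nets).items():
            print(f"  {name}: {verdict}")
```

With only Network B declared as a private-side client, the model reproduces the reported pattern: B reaches the Internet, A does not, and [Y] cannot ping 192.168.4.1.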
     What am I overlooking? - (jbrabeck) - (8)
         Okay. - (folkert) - (2)
             Reverse the answers - (jbrabeck) - (1)
                 Then it has to be packet rejection on the Linux machine - (folkert)
         My guess - (jake123)
         Update - (jbrabeck) - (3)
             USE FWBUILDER!!!!! - (folkert) - (2)
                 Have you heard of "Smooth Wall"? - (jbrabeck) - (1)
                     Look at IPcop - (Steve Lowe)