I have an Ubuntu router with Ubuntu Server 14.04 installed. The physical network interfaces are:
eth0 - local LAN
eth3 - WAN (internet)
wlan2 - local wireless LAN (AP)
This is my /etc/network/interfaces:

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # LAN interface (no address of its own; it is a bridge port)
    auto eth0
    iface eth0 inet manual

    # This is the Wireless section.
    # The wireless interface is wlan2 (as listed above); the original stanza
    # referred to wlan0 here and in bridge_ports, which is corrected below.
    auto wlan2
    iface wlan2 inet manual
        up /sbin/ifconfig wlan2 up

    # This is the Bridge section.
    auto br0
    iface br0 inet static
        address 192.168.2.106
        network 192.168.2.0
        netmask 255.255.255.0
        bridge_ports eth0 wlan2

    # WAN network interface (NAT-ed by the upstream router)
    auto eth3
    iface eth3 inet static
        address 192.168.1.1
        netmask 255.255.255.0
        gateway 192.168.1.20
        dns-nameservers 8.8.8.8 4.4.4.4
The routing table is:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    default         192.168.1.20    0.0.0.0         UG    0      0        0 eth3
    192.168.1.0     *               255.255.255.0   U     0      0        0 eth3
    192.168.2.0     *               255.255.255.0   U     0      0        0 br0
I use UFW, and this is what I have added to /etc/ufw/before.rules:

    # Configure NAT settings
    *nat
    :POSTROUTING ACCEPT [0:0]
    -A POSTROUTING -s 192.168.2.0/24 -o eth3 -j MASQUERADE
    COMMIT
UFW's status:

    Status: active

    To                         Action      From
    --                         ------      ----
    22                         ALLOW       Anywhere
    80                         ALLOW       Anywhere
    443                        ALLOW       Anywhere
    Anywhere                   ALLOW       192.168.2.0/24
    22 (v6)                    ALLOW       Anywhere (v6)
    80 (v6)                    ALLOW       Anywhere (v6)
    443 (v6)                   ALLOW       Anywhere (v6)
I also use hostapd for the wifi AP. Everything works perfectly. But... what I want to do is add an additional network card which would be a second WAN interface on which I have a public static IP. I want to keep using the current eth3 as the main internet connection, as it is a very fast and reliable connection, but it is behind a NAT, so it lacks a public IP. I have an additional internet connection with a public IP which I want to use only for accessing the server (router) from outside (ssh, http, https). The public IP internet connection would be connected to eth2.
I do not know how to configure that. When I just enter this configuration into /etc/network/interfaces, I can't access the server (ssh, http, https) via the public IP specified for eth2 (the internet connection with this public IP is OK; I tested it with a different HW router and could access it well from outside):
    # WAN network interface with a public IP
    auto eth2
    iface eth2 inet static
        address 217.XXX.XXX.AAA
        netmask 255.255.255.224
        gateway 217.XXX.XXX.BBB
        dns-nameservers 8.8.8.8 4.4.4.4
Can anybody help me sort this out?
OK, I partially solved the issue.
I created a new routing table, added routing for the "public IP WAN", and added an ip rule so that everything which comes from the public IP will be routed using the new routing table to the correct interface/gateway:
    # Table T1 must be declared in /etc/iproute2/rt_tables (e.g. "1 T1") before it can be used by name.
    # Connected route for the public /27 on eth2, with the public IP as source:
    sudo ip route add 217.XXX.XXX.160/27 dev eth2 src 217.XXX.XXX.185 table T1
    # Default route for table T1 via the public-side gateway:
    sudo ip route add default via 217.XXX.XXX.161 table T1
    # Policy rule: packets sourced from the public IP consult table T1:
    sudo ip rule add from 217.XXX.XXX.185 table T1
Now I have the server accessible from outside via the public IP associated with WAN eth2. What worries me is that since I configured this, I have no access to the server via the public IP from the LAN behind the router. I think this is because masquerading is set up in a way that routes everything from the LAN behind the router via eth3, which is the WAN interface without a public IP. Am I right? Is there a way to fix this?
Solved completely
Now I have the correct settings and the whole setup is working, so I can access the server from the internet via the public IP (WAN1), route the LAN to the internet via WAN2, and still access the server via its public IP (WAN1) from the LAN. This is the routing which had to be configured to make it work in the way I described before:
That's it. So it is solved.
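As an added example (not the poster's configuration, whose final routing is not shown above), the following POSIX shell script sets up the source-based policy routing described in the first update and adds one extra route in the policy table. That extra route is my reading of the symptom in the second update: a LAN client connecting to the public IP gets its reply sourced from that IP, the `ip rule` sends the reply to table T1, and T1's default route then pushes it out of the public WAN instead of back over the bridge. Giving T1 a route for the LAN subnet via br0 keeps those replies local. All addresses and interface names are constructed placeholders from a documentation range, not the post's redacted values; `DRY_RUN=1` prints the `ip` commands instead of executing them, so the plan can be reviewed on any machine.

```shell
#!/bin/sh
# Added example: policy routing for a second WAN that carries a public IP,
# plus the route that keeps LAN clients able to reach that public IP.
# Values below are constructed placeholders, not the post's real addresses.

WAN_IF="eth2"                 # interface carrying the public static IP
WAN_IP="198.51.100.10"        # public IP on that interface (assumed)
WAN_NET="198.51.100.0/27"     # its subnet; the post's mask 255.255.255.224 is a /27
WAN_GW="198.51.100.1"         # upstream gateway on that subnet (assumed)
LAN_IF="br0"                  # LAN bridge, as in the post
LAN_NET="192.168.2.0/24"      # LAN subnet, as in the post
TABLE="T1"                    # named table; needs a line like "1 T1" in /etc/iproute2/rt_tables

# Print the ip(8) command instead of running it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

policy_route_setup() {
    # 1. The public subnet is directly reachable on WAN_IF, using the public IP as source.
    run ip route add "$WAN_NET" dev "$WAN_IF" src "$WAN_IP" table "$TABLE"
    # 2. Everything else sourced from the public IP leaves via the public-side gateway.
    run ip route add default via "$WAN_GW" table "$TABLE"
    # 3. Replies to LAN clients that connected to the public IP must go back over the
    #    bridge; without this, table T1's default route would send them out WAN_IF.
    run ip route add "$LAN_NET" dev "$LAN_IF" table "$TABLE"
    # 4. Policy rule: packets whose source is the public IP consult TABLE first.
    run ip rule add from "$WAN_IP" table "$TABLE"
}

# When run directly with DRY_RUN=1, show the planned commands.
if [ "${DRY_RUN:-0}" = "1" ]; then
    policy_route_setup
fi
```

The LAN route in step 3 is one of two equivalent fixes; the other is a higher-priority rule such as `ip rule add from "$WAN_IP" to "$LAN_NET" lookup main pref 100`, which sends LAN-bound replies through the main table before the `from` rule is consulted. None of these commands persist across a reboot: on a 14.04 ifupdown system they belong in `post-up` lines of the eth2 stanza (and `post-down` counterparts to remove them), and the MASQUERADE rule for eth3 in before.rules is unaffected, since it only rewrites LAN traffic leaving via eth3.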