On your IPCop system you could use
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -j MASQUERADE
I think your 192.168.2.0 network should then have internet access.
If you use something like
iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 80 -j DNAT --to 192.168.2.2:80
you can forward requests to certain ports (here: 80) to certain other ports on a destination machine (here: port 80 on 192.168.2.2). So people can access certain ports on certain machines from the outside. It's the same as port forwarding on a normal router.