LocalNetwork B no internet, LocalNetwork A internet! A and B are connected!
Hello!
My config :
localnetwork A :
- router connected to internet : 192.168.1.1 and other interface connected towards ISP
- machine X : eth0 is 192.168.1.37 and eth1 is 172.16.17.1/24 and GW is 192.168.1.1 and eth3 towards other localnetwork
localnetwork B :
- pc1 : 172.16.17.2/24 and GW is 172.16.17.1
machine x and pc1 are Linux Slackware
machine x has ipforwarding enabled and routing table is good
From machine X I can ping 209.85.229.99 (google)
From pc1 I can ping 192.168.1.1 but not 209.85.229.99 (google)
On the router i set up a route to 172.16.17.0 through 192.168.1.37
Why can pc1 ping the router but not 209.85.229.99 (google) ?
For PC1 Gateway is 172.16.17.1 - but you do not have it. When PC1 sends packets to internet, it sends them to GW, but GW is router and GW IP=IP LAN interface=192.168.1.1.
How many networks do you have and how they are connected to each other?
And if you talk about NETWORK it should be: 172.16.17.0/24
Of course 172.16.17.1 exists, it's eth1 of machine X.
For pc1 (172.16.17.2) to send packets to the internet it sends them to its GW (172.16.17.1), which redirects the packets to its GW (192.168.1.1), and then they eventually go to the internet. The GW of 172.16.17.2 can't be directly 192.168.1.1, it has to be 172.16.17.1 in order to exit 172.16.17.0, it's the whole point of a GW.
i have :
192.168.1.0
172.16.17.0
172.16.27.0
that's all
If you must know, 192.168.1.1 is a router/modem/giving DHCP (192.168.1.2->254), it has a firewall, and obviously uses NAT. This equipment is not an ordinary cisco router, it's built by the ISP, it's a modem too, which connects online.
What I am thinking to be the problem is that:
PCs on 192.168.1.0 can send packets to internet and receive reply, because router serves the 192.168.1.0 with DHCP and it's part of it.
But for the packets of 172.16.17.0, the router directs them online I guess, but I think the problem is when the reply comes back, maybe it's a firewall problem, maybe NAT is only configured for 192.168.1.0 ??????
(PS: It's not a route problem, the router has the route to 172.16.17.0 inscripted in its routing table)
Thanks.
Now it is much clearer.
192.168.1.1 - can you log in to it? Can you do something on it?
You probably need to masquerade outgoing connections from 172.16.17.0/24, can you post output of "iptables-save" on 192.168.1.1?
By masquerading I mean to use SNAT in iptables postrouting.
Because it is a good idea to masquerade all internal networks, but it may be already done, so we need to check.
Yes, I can access the graphical interface through 192.168.1.1 but I am not sure I know what to configure, I mean I can add a DMZ (172.16.17.2 for example, but not sure if it's a secure thing to do) and there's at first sight no NAT menu at all!
Is there another way I could solve this? Let's say I configure NAT on my machine X (192.168.1.37 & 172.16.17.1), (so I kind of mask 172.16.17.0 from the router) would that give me access to internet through 172.16.17.2?!
Look, when packets come into machine X, its router (not others) decides what to do with packet, and if it was addressed to somewhere in internet, machine X should resend them to eth0, which is connected to router. But I think, if you can ping 192.168.1.1 - routing works, but if there is no masquerading, packets will enter 192.168.1.1 with source IP=172.16.17.0/24. So you need to tell iptables on machine X with 3 ethernet cards to masquerade network 172.16.17.0/24. To do it, you can log into it and type: "iptables-save", you will get output with configuration firewall/router on machine X. Post it here please.
When I type iptables-save on machine X it shows nothing, there's no output.
If it's useful, here is what route shows:
Dest         GW           Genmask        Flags  Metric  Ref/Use  Int
192.168.1.0  *            255.255.255.0  U      0       0        eth0
172.16.17.0  *            255.255.255.0  U      0       0        eth2
172.16.27.0  *            255.255.255.0  U      0       0        eth1
loopback     *            255.0.0.0      U      0       0        lo
default      192.168.1.1  0.0.0.0        UG     1       0        eth0
I have ip forwarding enabled on machine X as well
So you're saying a solution is to configure NAT on machine X, Y/N?
How is it done correctly? Using the iptables command?
Did you type "iptables-save" on root console of the machine X?
NAT=iptables, so we need to know its configuration first.
Actually, you can check if iptables is loaded by command: lsmod |grep ip
If you will see in output modules like: ip_tables, nf_conntrack_ipv4 - iptables is loaded.
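The check the replies ask for, as an added example that is not part of the original thread: a shell function that reads `iptables-save` output on stdin and reports whether source NAT for 172.16.17.0/24 out eth0 is present (empty output, as reported for machine X, means no rules are loaded). The function names and the sample rule sets are constructed for illustration; MASQUERADE in the nat table's POSTROUTING chain is the standard iptables form of what the reply calls SNAT in postrouting.

```shell
#!/bin/sh
# Added example. Usage on the forwarding host, as root:
#   iptables-save | diagnose 172.16.17.0/24 eth0

# Prints no-rules, nat-present or nat-missing for the given subnet and
# outgoing interface. Exact subnet match only; a wider covering prefix or a
# negated "! -s" match is not evaluated.
check_snat() {
    subnet=$1; out_if=$2
    awk -v subnet="$subnet" -v oif="$out_if" '
        /^\*/   { table = substr($0, 2) }    # "*nat", "*filter", ...
        /^[^#]/ { seen = 1 }                 # any non-comment, non-empty line
        table == "nat" && /^-A POSTROUTING / && /-j (MASQUERADE|SNAT)/ {
            src = ""; dev = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-o") dev = $(i + 1)
            }
            # A rule without -s or -o applies to every source / interface.
            if ((src == "" || src == subnet) && (dev == "" || dev == oif)) found = 1
        }
        END {
            if (!seen)      print "no-rules"
            else if (found) print "nat-present"
            else            print "nat-missing"
        }'
}

# Turns the state into a next step; the rule is limited to one subnet and
# one outgoing interface instead of masquerading everything.
diagnose() {
    case $(check_snat "$1" "$2") in
        nat-present) echo "ok: $1 is source-NATed out $2" ;;
        *) echo "add: iptables -t nat -A POSTROUTING -s $1 -o $2 -j MASQUERADE" ;;
    esac
}

# Constructed samples of iptables-save output (not taken from the thread).
SAMPLE_WITH_NAT='# constructed sample
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.16.17.0/24 -o eth0 -j MASQUERADE
COMMIT'
SAMPLE_FILTER_ONLY='*filter
:FORWARD ACCEPT [0:0]
COMMIT'
```

With the rule in place, replies from the internet reach 192.168.1.37 and connection tracking on the forwarding host maps them back to 172.16.17.2, so the ISP router never has to NAT the second subnet itself.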