i have set net.ipv4.ip_forward to one and have 2 network card on RHEL4 with x.x.20.10 & x.x.30.10 with default gateway x.x.20.1 out to internet.

x.x.30.0 x.x.30.10 255.255.255.0 UG 0 0 0 eth1
x.x.30.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
x.x.20.0 x.x.20.10 255.255.255.0 UG 0 0 0 eth0
x.x.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 x.x.20.1 0.0.0.0 UG 0 0 0 eth0


have machine x.x.30.11 with following:

x.x.30.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
x.x.20.0 x.x.30.10 255.255.255.0 UG 0 0 0 eth0

this can ping x.x.30.10 and x.x.20.10
but can not ping anything in 20 subnet and get to internet

another machine x.x.20.11 with following:

x.x.30.0 172.27.20.10 255.255.255.0 UG 0 0 0 eth0
x.x.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 x.x.20.1 0.0.0.0 UG 0 0 0 eth0

this can ping both 20 & 30 and also get out to internet.

please help

Can you please edit your post and replace x.x. with something like 192.168. It's hard to read

I think your setup should look a a little more like this (Assuming your scheme is 172.27.x.x):

1. You were missing a default gateway on 172.27.30.11

2. Is the "router" (172.27.20.10, 172.27.30.10) doing NAT? From the default gateway on the "router" (172.27.20.1) it looks like you pass it off to another device. If the "router" is doing NAT, you may be NATting traffic before you can route it. You may want to post the output of "iptables -vnL -t nat".

3. The "router" won't route the traffic if iptables is blocking it in the FORWARD chain of the FILTER table. You may want to post the output of "iptables -vnL".

Hope this helps.