My classroom server is running Edubuntu 8.04. 20 thin clients connect via switch connected to eth0. eth1 connects to Internet through a satellite receiver. That all works OK.

I added a third NIC (eth2) so that I could attach a wireless access point to the server to allow teachers to get to the Internet from their Windows laptops. I configured DHCP to dish out IP addresses, name server, and router to the laptops. That all works. It's just that the laptops can't reach the Internet.

Where do I start to try to debug this problem?

The router which your wireless connections pass through musn't be set up properly; is your machine acting as the router as well (in which case you need to set up Network Address Translation through the iptables mechanism on your machine) or are requests being passed to another machine?

To eliminate that as an issue, I had connected a laptop directly to eth2. The result was the same. The issue is with the Ubuntu machine or with the router information that is being dished out through eth2. I am not sure what the "option routers" in dhcpd.conf should be set to. I have it set to the IP address of eth2. Also, I have tried setting it to the IP address of eth1, the IP address of the satellite receiver that is connected to eth1. From my laptop I have tried to ping those addresses and that doesn't work either.

The "option routers" should point to the machine with eth2; however, that machine also needs instructions to pass messages on to the internet or onto the rest of the LAN. Those would be the routing rules specified in the IP tables. (man iptables)

I assume 'eth2' is a different subnet from 'eth0'? Otherwise you'll need an awful lot more rules to route packets correctly.

The basic idea with the routine of packets on eth2 is that you inspect packets coming in from eth2; if the destination is on the LAN, then send it to eth0. If the destination is on the internet, send it through eth1. If a packet comes in from the internet and it is not a response to a connection initiated on the LAN, drop it; otherwise route it to the appropriate LAN subnet.

eth2 is on the 192.168.3 net whereas eth0 is on 192.168.0. I'm not sure why, but eth1 also is 192.168.0. Seems kinda odd to me that two separate interfaces would be on the same network. But I think that's the way Edubuntu installed by default when there were only the two NICs.

I thought iptables was for firewalling. Is that even operational on my Edubuntu machine?

The laptops do not have to communicate with anything on eth0 at all. I want the laptops to be able to reach the Internet, period. So somehow only packets destined for routable IPs should go out eth1, all others should be dropped... well, other than packets coming from the laptops and destined for Edubuntu box itself (i.e., destined for a 192.168.3 address) or for the DNS server (the Internet router hanging off eth1).

I don't want to mess around with iptables/firewalling if there is an easier way to accomplish this.

Altering the iptables is the only way to get your packets routed to eth1. Edubuntu would have already set up some routing rules if the clients can connect to the internet; if you can find out what tools/scripts Edubuntu uses to set this up then you can just add to the configuration to get your job done; trying to do it any other way could result in conflicts between the Edubuntu tools and whatever you set up.