LinuxQuestions.org
Linux - Security
Old 07-30-2004, 12:44 AM   #1
jhordstrom
LQ Newbie
 
Registered: Nov 2003
Posts: 3

Rep: Reputation: 0
NAT Failing RH8


Someone please help me! Has to be something very simple that I am missing.

I'm not so worried about security, this is all test stuff and if it gets hacked before I have a chance to tweak security,
no big deal. I'll just keep learning!

I have three devices for networking - ppp0, eth0, and eth1

eth1 is set to 19.7.2.1 - it's internal and all my LAN machines have it set as the gateway
eth0 (which seems to also be ppp0) is connected to the internet via DSL (BellSouth)

I can get to the internet on this box, but no machines on the lan can get to the internet.

----
I can ping the internal address above from the other lan machines and I can ping the lan machines through eth1
from the router...

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
adsl-3-141-1.ae * 255.255.255.255 UH 0 0 0 ppp0
68.223.105.0 * 255.255.255.0 U 0 0 0 eth0
19.7.2.0 * 255.255.255.0 U 0 0 0 eth1
default adsl-3-141-1.ae 0.0.0.0 UG 0 0 0 ppp0

----
I have flushed iptables and now only have MASQ going. No other policies exist...

# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy DROP)
target prot opt source destination
MASQUERADE all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

----
Modules loaded...

Module Size Used by Not tainted
appletalk 26468 0 (autoclean)
ipx 22404 0 (autoclean)
ppp_synctty 7936 0 (unused)
ppp_async 9440 1
ppp_generic 24380 3 [ppp_synctty ppp_async]
slhc 6740 0 [ppp_generic]
ipt_MASQUERADE 2200 1 (autoclean)
iptable_nat 19960 1 (autoclean) [ipt_MASQUERADE]
ipt_TOS 1656 0 (autoclean)
ipt_LOG 4184 0 (autoclean)
ipt_limit 1560 0 (autoclean)
ipt_state 1048 0 (autoclean)
ip_conntrack 21244 2 (autoclean) [ipt_MASQUERADE iptable_nat ipt_state]
iptable_mangle 2776 0 (autoclean)
ide-cd 33608 0 (autoclean)
cdrom 33696 0 (autoclean) [ide-cd]
soundcore 6532 0 (autoclean)
autofs 13348 0 (autoclean) (unused)
eepro100 22264 1
3c59x 30640 1
ipt_REJECT 3736 0 (autoclean)
iptable_filter 2412 0 (autoclean)
ip_tables 14936 11 [ipt_MASQUERADE iptable_nat ipt_TOS ipt_LOG ipt_limit ipt_state iptable_mangle ipt_REJECT iptable_filter]
mousedev 5524 1
keybdev 2976 0 (unused)
hid 22244 0 (unused)
input 5888 0 [mousedev keybdev hid]
usb-uhci 26188 0 (unused)
usbcore 77024 1 [hid usb-uhci]
ext3 70368 6
jbd 52212 6 [ext3]


----

Set up:

ADSL Modem -> ROUTER eth0 (ppp0 - again, seem to be the same like it's aliased or something) ->
ROUTER eth1 -> 3COM 8 port switch (plain hub unavailable - NOT in uplink - enabling uplink kills connection)
All other lan machines connected to switch in various ports

Any thoughts?
 
Old 07-30-2004, 10:12 AM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Welcome to Linuxquestions!

I'd change the masquerading rule to only apply to outbound packets like this (MASQUERADE is a POSTROUTING target, and -o is only valid there):
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Also you didn't mention whether you had added any rules to forward packets:
iptables -I FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -I FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

and whether you've turned on packet forwarding in the kernel:
echo 1 > /proc/sys/net/ipv4/ip_forward

To be honest, I don't think you need to sacrifice your system's security in order to learn Linux. You'd be better off learning about them (Linux & Linux security) at the same time. A lot of people put off properly securing their boxes until "later" and end up paying for it in the end.
 
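As an added example (not code from the thread or from either poster), here is a read-only checklist script for the three things Capt_Caveman asked about: ip_forward, a MASQUERADE rule scoped to the outbound interface, and FORWARD rules in both directions. It assumes LAN=eth1 and WAN=ppp0 (the OP's routing table sends the default route out ppp0, not eth0), and each check takes the command output as text so it can be tried offline on the constructed listings at the bottom.

```shell
#!/bin/sh
# Added example, not code from the thread. Read-only checks for ip_forward,
# MASQUERADE scope and FORWARD rules. Each check takes command output as text
# so it can be exercised offline on constructed input.
# Assumed interface roles follow the thread: LAN=eth1, WAN=ppp0 (the PPPoE
# session rides on eth0, so packets actually leave through ppp0).
LAN=eth1
WAN=ppp0

# $1: contents of /proc/sys/net/ipv4/ip_forward; true when forwarding is on.
forward_enabled() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = 1 ]
}

# $1: output of `iptables -t nat -L POSTROUTING -v -n` (columns: pkts bytes
# target prot opt in out source destination). Prints "ok" (MASQUERADE bound
# to $WAN), "any" (out=*, which also rewrites packets leaving via eth1) or "none".
masq_scope() {
    printf '%s\n' "$1" | awk -v wan="$WAN" '
        $3 == "MASQUERADE" && $7 == wan { ok = 1 }
        $3 == "MASQUERADE" && $7 == "*" { any = 1 }
        END { r = ok ? "ok" : (any ? "any" : "none"); print r }'
}

# $1: output of `iptables -L FORWARD -v -n`. Prints "ok", "no-out" (LAN->WAN
# ACCEPT missing) or "no-return" (stateful WAN->LAN ACCEPT missing).
forward_scope() {
    printf '%s\n' "$1" | awk -v lan="$LAN" -v wan="$WAN" '
        $3 == "ACCEPT" && $6 == lan && $7 == wan { out = 1 }
        $3 == "ACCEPT" && $6 == wan && $7 == lan && /ESTABLISHED/ { ret = 1 }
        END { r = !out ? "no-out" : (!ret ? "no-return" : "ok"); print r }'
}

# Live report; needs root and the ipt_MASQUERADE/ipt_state modules from the OP's lsmod.
nat_report() {
    forward_enabled "$(cat /proc/sys/net/ipv4/ip_forward)" \
        && echo "ip_forward: on" || echo "ip_forward: OFF"
    echo "masquerade: $(masq_scope "$(iptables -t nat -L POSTROUTING -v -n)")"
    echo "forward:    $(forward_scope "$(iptables -L FORWARD -v -n)")"
}

# Constructed listings (header rows omitted): the OP's unscoped MASQUERADE
# with an empty FORWARD chain, versus the corrected rule set.
OP_NAT='Chain POSTROUTING (policy DROP 0 packets, 0 bytes)
    3   180 MASQUERADE all  --  *      *       0.0.0.0/0            0.0.0.0/0'
OP_FWD='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)'
FIXED_NAT='Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
    9   540 MASQUERADE all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0'
FIXED_FWD='Chain FORWARD (policy DROP 0 packets, 0 bytes)
    0     0 ACCEPT     all  --  ppp0   eth1    0.0.0.0/0            0.0.0.0/0  state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  eth1   ppp0    0.0.0.0/0            0.0.0.0/0'
```

Run `nat_report` as root on the router to see which of the three pieces is missing; a "no-return" result with forwarding on is the classic symptom of LAN hosts sending packets out but never seeing replies.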
Old 07-30-2004, 03:51 PM   #3
jhordstrom
LQ Newbie
 
Registered: Nov 2003
Posts: 3

Original Poster
Rep: Reputation: 0
Hey thanks for the tip. Gonna try again tonight when I have full control of the internet at home (sharing with wife and kids of course!)

That is soooo true about security. I swear though, I have tried a dozen firewalls and other suggestions by now.

I just want to say 'WOW, I GOT IT!' at least once...

Write back in a short.
 
Old 07-30-2004, 09:12 PM   #4
jhordstrom
LQ Newbie
 
Registered: Nov 2003
Posts: 3

Original Poster
Rep: Reputation: 0
Hey Capt_Caveman...

Thanks for your help here.
To answer your earlier questions, yes to all.

Like I mentioned, I found and tweaked a few firewall scripts that I liked and seemed to provide security for what I wanted to do. I settled on one, which I will have to remember where I got it from (I think Netfilters site), but it gave a lot of information to me just by reading it often.

When I made my first post, I dumped iptables completely and started adding my own settings one at a time and checking results.

The problem was that on the LAN machines, I had the DNS entries set to the host/ip of the ROUTER. After I changed one machine's DNS to carry the host/ip of my ISP, I was able to get out to the Internet.

So I just want to say 'WOW, I GOT IT!'

Everything is working fine, including external access via vsftpd and telnet. I will now lock them down somewhat to provide better security. I want those abilities although I think most would call it a 'not bad, but not great, idea'.

I WANT TO THANK THIS SITE and EVERYONE HERE TREMENDOUSLY.
 