The setup for your second masquerading box will be essentially the same
as the box that masquerades your Internet traffic.  Define the internal
network, the external interface, and run ipchains ... -j MASQ or

http://www.linuxdoc.org has lots of HOWTO's regarding ipchains,
masquerading, etc.

The tricky part is probably the routing on your 192.* nets.  Optimally,
individual nodes should have enough information to decide where to send
an IP datagram destined for 172.16.*, in addition to the default route. 
This would involve either running an IGRP such as RIP or OSPF, or adding
static routes to nodes (easy to do for three workstations). 
Alternatively, you can stick with default routing and have your Internet
router/masquerader could issue ICMP redirects, assuming it knows about
the 172.16.* route.

Hugh Brown wrote:
> I have an interesting routing dilemma (I'm a networking newbie, hence
> the dilemma)
> Here's what I have setup right now
> I have three networks interconnected.  I have a firewall that does
> masquerading for three workstations (on a 192.168.*.* subnet) to the
> Internet. The firewall has two NICs in it, one on the internal network
> on one on the Internet.  One of the workstations also has two NICs and
> is connected to someone else's internal network (172.16.*.*).  I would
> like to have the workstation that is multi-homed on 192.. and 172.. do
> masquerading from workstation on 192 to the network on 172.  Can anyone
> point me in the right direction (I'm happy to RTM, I just need to know
> where the manual is)
> Hugh
