Ok now I really found the solution, and sorry for stealing the thread, but I think deca2499 got a very similar issue and maybe my solution works for him:
The server with the public IP got the ICMP requests from 10.10.10.15, and tried to reply. But because of RFC 1918 a reply to a private address isn't working well.
So I just set up a source NAT for everything coming from 10.10.10.0/24 on the interface with the public network and now it works fine.
So you may try the following:
Let's say you configured 192.168.0.0 on eth1 and - as you said - 192.168.2.0 on eth2.
Now configure source NAT for these two interfaces:
Translation: masquerade to eth2
Translation: masquerade to eth1
It worked for me this way and it probably will for you too :)
Thank you very much for your tips for troubleshooting the problem.
With tcpdump I discovered that the web server gets the ICMP requests, but does not reply (probably because the requests come from a private address?).
So now I need to get in contact with some Linux administrators.
But again, thanks a lot for your help :)
I got two Ubuntu servers, so ping is not blocked at the machine itself.
Thus the ER is the gateway for both the private and public subnet. The server in the 10.10.10.0/24 has the ER as 10.10.10.1 as default gateway, and the ER detected the public subnet and created a route by itself.
But it's not working and I don't have any idea why.
The server in the private subnet reaches everything on the internet (like 18.104.22.168), and the server in the public subnet is reachable from the internet. But not from the private subnet at the same router…