
We have a private VLAN being routed out from a host connected both to it and to our public network. Hosts on the private VLAN have the private IP address of the gateway host (10.2.2.82) set as their default gateway. This works fine to reach almost all hosts on the internet, with the exception of those on the same network as the gateway machine.

Here's the setup on the gateway host:

[root@gateway ~]# ip rule show
0:  from all lookup local 
32764:  from 10.2.2.0/24 lookup private 
32765:  from 1.2.3.0/24 lookup public 
32766:  from all lookup main 
32767:  from all lookup default 

[root@gateway ~]# ip route show table public
1.2.3.0/24 dev eth0  scope link 
default via 1.2.3.1 dev eth0 

[root@gateway ~]# ip route show table private
10.2.2.0/24 dev eth0.200  scope link 

It also has the standard NAT MASQUERADE setup.

A bit of tcpdumping pings shows that for hosts that are reachable, packets are seen arriving at the gateway, then leaving the gateway with appropriately changed source address, then the return packets are seen doing the reverse. Pings to hosts on the same subnet as the gateway machine are seen arriving at the gateway host but stopping there.

I've tried ip route add default via 1.2.3.1 dev eth0 table private but it doesn't seem to help.

Here's the output from a private machine:

[root@internal /]# ping -c 1 10.2.2.82
PING 10.2.2.82 (10.2.2.82) 56(84) bytes of data.
64 bytes from 10.2.2.82: icmp_seq=1 ttl=64 time=0.217 ms
--- 10.2.2.82 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.214/0.214/0.214/0.000 ms

[root@internal /]# ping -c 1 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=49 time=15.5 ms
--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 15ms
rtt min/avg/max/mdev = 15.471/15.471/15.471/0.000 ms

[root@internal /]# ping -c 1 1.2.3.1
PING 1.2.3.1 (1.2.3.1) 56(84) bytes of data.
--- 1.2.3.1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 10000ms

What are we missing to make the private VLAN hosts able to ping those on the same subnet (1.2.3.0/24) as the gateway?

Merlin83b
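As an added illustration (not part of the question), the following replays the `ip rule` and `ip route show table ...` listings quoted above through the same lookup the kernel performs: rules by priority, source selector, then longest-prefix match inside the chosen table, falling through to the next rule when the table has no route. The local, main and default tables are not shown in the question and are assumed empty here, so a lookup that would be decided by them comes back as (None, None); the `trace` helper and the sample private source 10.2.2.5 are likewise assumptions.

```python
# Added simulation of the Linux policy-routing lookup (ip rule -> table ->
# longest-prefix match) over the rule and table listings from the question.
import ipaddress
IP_RULE_SHOW = """\
0:  from all lookup local
32764:  from 10.2.2.0/24 lookup private
32765:  from 1.2.3.0/24 lookup public
32766:  from all lookup main
32767:  from all lookup default
"""
# local, main and default are not shown in the question: modelled as empty
# (assumption), so a lookup that would be decided by them returns (None, None).
TABLES = {
    "public": "1.2.3.0/24 dev eth0 scope link\ndefault via 1.2.3.1 dev eth0\n",
    "private": "10.2.2.0/24 dev eth0.200 scope link\n",
    "local": "", "main": "", "default": "",
}

def parse_rules(text):
    # "32764:  from 10.2.2.0/24 lookup private" -> (32764, "10.2.2.0/24", "private")
    rules = []
    for parts in (line.split() for line in text.splitlines() if line.strip()):
        rules.append((int(parts[0].rstrip(":")), parts[2], parts[4]))
    return sorted(rules)

def parse_routes(text):
    # "default via 1.2.3.1 dev eth0" -> (0.0.0.0/0, {"via": "1.2.3.1", "dev": "eth0"})
    routes = []
    for parts in (line.split() for line in text.splitlines() if line.strip()):
        prefix = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        routes.append((ipaddress.ip_network(prefix, strict=False),
                       dict(zip(parts[1::2], parts[2::2]))))
    return routes

def lookup(src, dst, rules, tables):
    """Walk rules by priority; a table with no matching route falls through."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, table in rules:
        if selector != "all" and src not in ipaddress.ip_network(selector):
            continue
        hits = [r for r in tables[table] if dst in r[0]]
        if hits:  # longest prefix wins inside one table
            return table, max(hits, key=lambda r: r[0].prefixlen)[1]
    return None, None

def trace(src, dst, extra_private=""):
    # Routing sees the original private source; MASQUERADE rewrites it later (POSTROUTING).
    tables = {name: parse_routes(txt) for name, txt in TABLES.items()}
    tables["private"] += parse_routes(extra_private)  # e.g. the default route tried above
    return lookup(src, dst, parse_rules(IP_RULE_SHOW), tables)
```

`trace("10.2.2.5", "1.2.3.1")` shows that neither the private table (no matching prefix) nor the public table (its rule only selects sources in 1.2.3.0/24) decides a forwarded packet bound for the gateway's own subnet, so the outcome depends on the main table, which the question does not list.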