Here's what you want with your current Ethernet config:

NAT box: eth0 (internet IP address), eth1 (172.20.1.1)
New box: eth0 (172.20.1.2), eth1 (172.20.2.1)

The NAT box should have a default route to the ethernet, as normal (I'm ignoring the NAT stuff, but it sounds like you've got that working okay anyway). It should also have a route to 172.20.2/24 pointing at 172.20.1.2 (the local side of the new box). Your new box should have a default route pointing to 172.20.1.1 (the local side of the NAT box). It should also have routing enabled. This is usually referred to as "IP Forwarding", which may be configurable in some startup script, or by tweaking some stuff in /proc (I forget exactly what right now). The other machines on the new 172.20.2/24 network should have a default route of 172.20.2.1. All the machines on your 172.20.1/24 network should have a default route of 172.20.1.1, and, in an ideal world, also a route to 172.20.2/24 through 172.20.1.2, but it'll probably work without that, albeit somewhat slower.

Once you've done all of that, make sure everything on your local network can ping each other. If they can all ping each other okay, then your NAT connection for both networks should start working.

When you set up your PPP connection, see if you can get it to emulate that ethernet setup as closely as possible. That is, make sure your PPP server assigns an address on its local network, rather than setting up a new network. It would actually be more efficient the latter way, but it will require even more work to get it set up right and toss most of this ethernet prototyping down the toilet.

Edit: Looking back at what you've done, it appears that most of your problem is likely to do with the route command you issued on the NAT box. Giving it the destination of eth0 told it that the new network is on the same wire as the old network, which is incorrect. You wanted it to route to your new box, which is functioning as a router, so you should have given its IP address as the destination to the route command. In general, you never want to give a device as a route destination. If it actually is running on the same wire, then you should create a subinterface with an address on that network, which should automatically insert that route for you anyway. I've never encountered a situation on a Unix machine where the appropriate destination was not another IP address. And remember that that address must be on a locally connected network; it can't be a hop or two down the line.


Edited by wfaulk (11/08/2002 12:20)
_________________________
Bitt Faulk
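
Added example, not part of the original post: a small Python model of the layout described above that flags static routes whose gateway is not on a directly connected network and traces which boxes a packet crosses. The address 203.0.113.1 and the clients host1 and host2 (172.20.1.10, 172.20.2.10) are assumptions made up for the illustration.

```python
import ipaddress as ipa

def topology():
    """Constructed model of the post's Ethernet layout. Assumptions: 203.0.113.1
    stands in for the NAT box's internet address; host1/host2 are made-up clients."""
    return {
        "nat":   {"ifaces": ["203.0.113.1/24", "172.20.1.1/24"], "forward": True,
                  "routes": [("172.20.2.0/24", "172.20.1.2")]},
        "new":   {"ifaces": ["172.20.1.2/24", "172.20.2.1/24"], "forward": True,
                  "routes": [("0.0.0.0/0", "172.20.1.1")]},
        "host1": {"ifaces": ["172.20.1.10/24"], "forward": False,
                  "routes": [("0.0.0.0/0", "172.20.1.1")]},
        "host2": {"ifaces": ["172.20.2.10/24"], "forward": False,
                  "routes": [("0.0.0.0/0", "172.20.2.1")]},
    }

def connected(box):
    return [ipa.ip_interface(i).network for i in box["ifaces"]]

def off_link_gateways(boxes):
    """Static routes whose gateway is not on a directly connected network."""
    return [(name, dest, gw) for name, box in boxes.items()
            for dest, gw in box["routes"]
            if not any(ipa.ip_address(gw) in net for net in connected(box))]

def next_hop(box, dst):
    """Longest-prefix match: the address this box hands the packet to, or None."""
    dst = ipa.ip_address(dst)
    table = [(net, None) for net in connected(box)]
    table += [(ipa.ip_network(d), gw) for d, gw in box["routes"]]
    hits = [(net.prefixlen, gw) for net, gw in table if dst in net]
    if not hits:
        return None
    gw = max(hits, key=lambda h: h[0])[1]
    return str(dst) if gw is None else gw  # connected network: deliver directly

def owner(boxes, addr):
    return next((n for n, b in boxes.items()
                 if addr in [str(ipa.ip_interface(i).ip) for i in b["ifaces"]]), None)

def trace(boxes, src, dst, max_hops=8):
    """Boxes a packet crosses from src to dst; "DROPPED" if a relay cannot forward."""
    path, here, target = [src], src, owner(boxes, dst)
    while here != target and len(path) <= max_hops:
        here = owner(boxes, next_hop(boxes[here], dst))
        if here is None or (here != target and not boxes[here]["forward"]):
            return path + ["DROPPED"]
        path.append(here)
    return path
```

Tracing host1 to 172.20.2.10 shows the extra pass through the NAT box when 172.20.1/24 hosts have only a default route; adding the 172.20.2.0/24 route via 172.20.1.2 to host1 removes that hop.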