Let me make sure I understand... connections from the external (internet) to the webserver are being dropped but outbound internet connections are working?
There are two options that come to mind...
ACCEPT net local:xxx.xxx.xxx.xxx tcp 80
Where xxx is the IP address of your server.
You may need to set a static NAT rule, since traffic is being MASQ through the two interfaces. This would be a Shorewall Manual question - that's one I don't know off the top of my head.
Or... possibly adjust the policy rule:
You may want to set it to ACCEPT for testing purposes, just to find out if that rule is blocking or not. If ACCEPT works, and the first suggestion doesn't help... then I would try setting a static NAT rule to the server in question.
Hope that helps.