Personally I find it strange that blocking packets to port 113 would deny access to "irc, mail and other stuff". Maybe you could try allowing outbound connections to this port but deny incoming connections with state NEW to this port. That way you could theoretically allow necessary connections on this port (outbound and related/established inbound).
About your NAT rule... I personally consider it quite safe. But if you are worried about spoofed IPs (and I do get some of them) you could add anti-spoof rules. Those would look kind of like this:
# Create the 'SPOOF_RULE' chain first (it must exist before any rule can jump to it).
# It logs with a special prefix so that you notice the blocked spoof attempts, then drops.
iptables -N SPOOF_RULE
iptables -A SPOOF_RULE -j LOG --log-level warning --log-prefix "INBOUND SPOOF BLOCKED: "
iptables -A SPOOF_RULE -j DROP
# LAN source addresses arriving on the internet-facing interface
iptables -I INPUT 1 -i ppp0 -s 192.168.0.0/24 -j SPOOF_RULE
# Non-LAN source addresses arriving on the LAN interface ('!' goes before -s in current iptables)
iptables -I INPUT 1 -i eth0 ! -s 192.168.0.0/24 -j SPOOF_RULE
I see that you have knowledge about iptables, so I leave it to you to adjust those rules to your LAN setup regarding interfaces and so on. The idea is to block connections from certain interfaces that originate from IP addresses that cannot be valid.
An example is this: I get incoming connections like this:
INBOUND SPOOF BLOCKED: IN=ppp0 OUT=eth0 SRC=192.168.0.139 DST=192.168.0.18 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=60461 PROTO=TCP SPT=2938 DPT=4665 WINDOW=0 RES=0x00 ACK URGP=0
This _could_ mean that someone tried to gain access to my LAN by spoofing his IP address and making his packets appear like they originated from my LAN.
Pls bear in mind that this is all theoretical. I have rules quite like this but did not confirm the ones I posted as I altered them a bit. There certainly are ppl that have more experience with this than me so feel free to accept other advice.
And to all the others: Pls feel free to correct me if I'm wrong. I'm also learning all the time.
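Added example, not part of the post above: a small Python log triage script that reads lines carrying the post's "INBOUND SPOOF BLOCKED: " prefix and reports which interface/source pairs were dropped and why. It assumes the post's layout (LAN 192.168.0.0/24, ppp0 facing the internet, eth0 facing the LAN); the syslog headers and the second and third sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumptions taken from the post's example: LAN is 192.168.0.0/24,
# ppp0 faces the internet, eth0 faces the LAN.
LAN = ipaddress.ip_network("192.168.0.0/24")
WAN_IF, LAN_IF = "ppp0", "eth0"
PREFIX = "INBOUND SPOOF BLOCKED: "
FIELD = re.compile(r"(\w+)=(\S*)")

def parse(line):
    """Return the KEY=VALUE fields of one SPOOF_RULE log line, or None."""
    _, sep, rest = line.partition(PREFIX)
    if not sep:
        return None
    return dict(FIELD.findall(rest))

def classify(fields):
    """Explain which anti-spoof rule the logged packet matches."""
    src = ipaddress.ip_address(fields["SRC"])
    if fields["IN"] == WAN_IF and src in LAN:
        return "LAN source address arriving on WAN interface"
    if fields["IN"] == LAN_IF and src not in LAN:
        return "non-LAN source address arriving on LAN interface"
    return "does not match either anti-spoof rule"

def summarize(lines):
    """Count blocked packets per (input interface, source, reason)."""
    hits = Counter()
    for line in lines:
        fields = parse(line)
        if fields and "SRC" in fields and "IN" in fields:
            hits[(fields["IN"], fields["SRC"], classify(fields))] += 1
    return hits

# Constructed sample input: the first line is the entry quoted in the post
# with a made-up syslog header; the other two are invented for illustration.
SAMPLE = [
    "Jan  1 00:00:01 gw kernel: INBOUND SPOOF BLOCKED: IN=ppp0 OUT=eth0 SRC=192.168.0.139 DST=192.168.0.18 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=60461 PROTO=TCP SPT=2938 DPT=4665 WINDOW=0 RES=0x00 ACK URGP=0",
    "Jan  1 00:00:02 gw kernel: INBOUND SPOOF BLOCKED: IN=eth0 OUT= SRC=10.1.2.3 DST=192.168.0.1 LEN=60 PROTO=TCP SPT=40000 DPT=22",
    "Jan  1 00:00:03 gw kernel: some unrelated kernel message",
]

if __name__ == "__main__":
    for (iface, src, reason), n in summarize(SAMPLE).items():
        print(f"{n:3d}  {iface:5s} {src:15s} {reason}")
```

A repeated source on the internet-facing interface is worth a closer look; a single hit may just be a stray or misrouted packet.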