Some extra comments to help tidy up the rules...
You have a DROP policy for both INPUT & FORWARD chains.
Therefore you don't need DROP rules,
unless they filter unwanted stuff for a later ACCEPT rule
(which you aren't doing here).
Anything not mentioned in the rules gets to the end of the chain & the DROP policy gets them.
It looks from your question that you can't see what is happening (or not happening).
Add some (lots of) -j LOG rules to keep an eye on the DROPPED packets.
Start with one at the end of each chain, then, if it's not enough, at the beginning of each chain, then before & after each rule.
e.g.
Code:
echo "Firewall Script Started"
# --flush only empties the filter table; clear nat too so the MASQUERADE rule
# is not duplicated on every run, and delete user-defined chains so -N below
# does not fail when the script is re-run.
iptables --flush
iptables -t nat --flush
iptables -X
# Default policies: anything that reaches the end of INPUT or FORWARD is dropped.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# The custom chain must exist before a rule jumps to it.
iptables -N allowed_ip
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth1 -s 192.168.0.2 -j ACCEPT
iptables -A INPUT -i eth1 -s 192.168.0.3 -j ACCEPT
iptables -A INPUT -i eth1 -s 192.168.0.4 -j ACCEPT
# LOG rules: each packet that gets this far is written to the kernel log with
# the given prefix, then continues to the next rule.
iptables -A INPUT -i eth0 -j LOG --log-prefix "incoming " --log-level 6
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -j LOG --log-prefix "INPUT_2 " --log-level 6
iptables -A INPUT -i eth0 -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A INPUT -i eth0 -p icmp --icmp-type time-exceeded -j ACCEPT
iptables -A INPUT -i eth0 -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A INPUT -i eth0 -j LOG --log-prefix "INPUT_end " --log-level 6
iptables -A INPUT -i eth0 -m state --state NEW -j allowed_ip
# Anything not accepted in allowed_ip returns here and hits the DROP policy.
iptables -A allowed_ip -s x.x.x.x -j ACCEPT
iptables -A OUTPUT -o eth0 -p icmp -j ACCEPT
Have a read of this iptables tutorial for detailed explanations.
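To make sense of what those LOG rules produce, here is an added example (not part of the post above) that reads kernel-log lines carrying the three prefixes from the INPUT chain and reports, per packet, the last LOG rule it passed, which tells you which rule (or the DROP policy) finally handled it. The sample log lines are constructed, and the parser assumes plain syslog lines with no bracketed kernel timestamp in front of the prefix.

```python
import re

# Constructed kernel-log lines in the shape the LOG target writes (the
# prefixes are the three from the INPUT chain above; addresses are made up).
SAMPLE_LOG = """\
Mar  3 10:01:02 gw kernel: incoming IN=eth0 OUT= MAC=... SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TTL=52 ID=1 DF PROTO=TCP SPT=40000 DPT=22 SYN URGP=0
Mar  3 10:01:02 gw kernel: INPUT_2 IN=eth0 OUT= MAC=... SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TTL=52 ID=1 DF PROTO=TCP SPT=40000 DPT=22 SYN URGP=0
Mar  3 10:01:02 gw kernel: INPUT_end IN=eth0 OUT= MAC=... SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TTL=52 ID=1 DF PROTO=TCP SPT=40000 DPT=22 SYN URGP=0
Mar  3 10:01:05 gw kernel: incoming IN=eth0 OUT= MAC=... SRC=198.51.100.9 DST=198.51.100.2 LEN=84 TTL=60 ID=2 PROTO=ICMP TYPE=0 CODE=0 ID=7 SEQ=1
Mar  3 10:01:05 gw kernel: INPUT_2 IN=eth0 OUT= MAC=... SRC=198.51.100.9 DST=198.51.100.2 LEN=84 TTL=60 ID=2 PROTO=ICMP TYPE=0 CODE=0 ID=7 SEQ=1
"""

# LOG prefixes in chain order, and the rule that sits right after each one:
# a packet's last prefix tells you which rule (or the policy) handled it.
STAGES = ["incoming", "INPUT_2", "INPUT_end"]
HANDLED_BY = {
    "incoming": "ESTABLISHED,RELATED rule (accepted)",
    "INPUT_2": "ICMP accept rules (accepted)",
    "INPUT_end": "allowed_ip chain, else DROP policy",
}
LINE_RE = re.compile(r"kernel: (?P<prefix>.+?) (?P<rest>IN=.*)$")

def parse_line(line):
    """Return (prefix, {field: value}) for an iptables LOG line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = {}
    for key, val in re.findall(r"(\w+)=(\S*)", m.group("rest")):
        fields.setdefault(key, val)  # keep the IP-header ID=, not ICMP's second ID=
    return m.group("prefix"), fields

def furthest_stage(log_text):
    """Map (SRC, DST, PROTO, IP-ID) of each packet to the last prefix it hit."""
    reached = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or parsed[0] not in STAGES:
            continue
        prefix, f = parsed
        key = (f.get("SRC"), f.get("DST"), f.get("PROTO"), f.get("ID"))
        if key not in reached or STAGES.index(prefix) > STAGES.index(reached[key]):
            reached[key] = prefix
    return reached

def explain(log_text):
    """Per-packet verdict derived from the furthest LOG prefix it reached."""
    return {k: HANDLED_BY[s] for k, s in furthest_stage(log_text).items()}
```

Feed it `dmesg` or `/var/log/kern.log` output; a packet whose last line is "INPUT_end" was only ever going to be saved by the allowed_ip chain.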
