a couple of things....
1st, best to make the default policy of all chains DENY and then selectively let through what you want, so
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
then accept anything from the actual firewall machine and any other local machines
iptables -A INPUT -i lo -j ACCEPT # this line is fine but add
iptables -A INPUT -i eth1 -j ACCEPT # assuming that eth1 is the card connected to your local network
I would change
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
to
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
that way any local traffic will travel unimpeded to the firewall
you will also want to create a rule for forwarding
iptables -A FORWARD -i eth0 -d 192.168.0.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
or something like that. Also
iptables -A FORWARD -i eth1 -j ACCEPT
and then throw in your MASQUERADE line at the end.
** NOTE ** this is far from a perfect firewall, it is a start, more secure than the one you posted but really needs some more work before you should rely on it. My advice is to shut down everything and then selectively open it up until you have a working system. I also recommend checking out this link on
Connection Tracking
Rich
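
A simplified first-match model of the rules in the reply above, added here as an example and not part of the original post. It shows which packets those rules accept and that, with only the rules shown in the reply, OUTPUT traffic falls through to the DROP policy. The addresses are constructed samples from documentation ranges, and the NAT (MASQUERADE) step is not modelled.

```python
# Simplified first-match model of the posted rules; real netfilter has more hooks.
import ipaddress

LAN_NET = ipaddress.ip_network("192.168.0.0/24")  # from the post's FORWARD rule

# Rule = (in_iface or None, dst network or None, conntrack states or None, target)
CHAINS = {
    "INPUT": [
        ("lo", None, None, "ACCEPT"),
        ("eth1", None, None, "ACCEPT"),
        ("eth0", None, {"ESTABLISHED", "RELATED"}, "ACCEPT"),
    ],
    "OUTPUT": [],  # the post sets the policy but appends no OUTPUT rules
    "FORWARD": [
        ("eth0", LAN_NET, {"ESTABLISHED", "RELATED"}, "ACCEPT"),
        ("eth1", None, None, "ACCEPT"),
    ],
}
POLICY = {"INPUT": "DROP", "OUTPUT": "DROP", "FORWARD": "DROP"}


def verdict(chain, in_iface, dst, state):
    """Return the target of the first matching rule, else the chain policy."""
    dst_ip = ipaddress.ip_address(dst)
    for iface, net, states, target in CHAINS[chain]:
        if iface is not None and iface != in_iface:
            continue
        if net is not None and dst_ip not in net:
            continue
        if states is not None and state not in states:
            continue
        return target
    return POLICY[chain]


# Constructed sample packets (documentation-range addresses, hypothetical hosts).
SAMPLES = [
    ("internet -> firewall, new", "INPUT", "eth0", "203.0.113.1", "NEW"),
    ("internet -> firewall, reply", "INPUT", "eth0", "203.0.113.1", "ESTABLISHED"),
    ("LAN -> firewall, new", "INPUT", "eth1", "192.168.0.1", "NEW"),
    ("LAN -> internet, new", "FORWARD", "eth1", "198.51.100.7", "NEW"),
    ("internet -> LAN, reply", "FORWARD", "eth0", "192.168.0.10", "ESTABLISHED"),
    ("internet -> LAN, new", "FORWARD", "eth0", "192.168.0.10", "NEW"),
    ("firewall -> internet, new", "OUTPUT", None, "198.51.100.7", "NEW"),
]

if __name__ == "__main__":
    for desc, *pkt in SAMPLES:
        print(f"{verdict(*pkt):<6} {desc}")
```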