Time to Masquerade!

We want to allow packets to forward freely through the internal interface, so add the following rules to the script: iptables -A FORWARD -i eth1 -j ACCEPT iptables -A FORWARD -o eth1 -j ACCEPT iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
This allows packets to be forwarded in (-i eth1) and out of (-o eth1) our internal interface. This is necessary for IP Masquerading to function. The third line takes advantage of the connection tracking module we loaded earlier. Any connections that have already been established and match the state (-m state) of ESTABLISHED or RELATED are allowed to be forwarded.
Now, since this is also a firewall, we don't want anything else to FORWARD through. Add this line to the script: iptables -P FORWARD DROP
This line sets the default policy for the FORWARD chain to DROP (-P FORWARD DROP).
A good rule of thumb is to remember to add all of your ACCEPT rules before doing your DROP rules. There are exceptions to this of course, but it is generally correct.

We want to allow packets to forward freely through the internal interface, so add the following rules to the script: iptables -A FORWARD -i eth1 -j ACCEPT iptables -A FORWARD -o eth1 -j ACCEPT iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT