[TriLUG] Iptable problem

[Jeri C. Gloege]

Forgive me if I am in the wrong forum here folks.  It has been SOOO long 
since I posted to trilug but I need HELP!  Ack!  How are all of you btw???   
I see from the website that Kevin and your other fearless leaders are 
doing a smashing job with trilug and that member participation is at an 
all time high!  I think that is awesome!

My problem is this:  and again if I am sending it to the wrong forum aka 
you have a I need help please email list, just simply direct me to the 
right one as I have been offlist now for 18 months  :)

I have a box set up as a simple firewall doing NAT and also running 
apache.  It is doing vhosts on one of the outside addresses.  Everything 
works except people inside the network cannot access anything I have 
locally running.  The packets aren't dropped - they just seem to vanish.  
The default policy on every table is accept except forward:

Chain FORWARD (policy DROP 0 packets, 0 bytes) 
pkts bytes target     prot opt in     out     source               
destination       
 60241 9906K ACCEPT     all  --  any    any     anywhere             
anywhere           state RELATED,ESTABLISHED  
 361 18321 ACCEPT     all  --  eth0   any     192.168.0.0/24       
anywhere           state NEW 

(Needless to say eth0 is internal lan)

Chain POSTROUTING (policy ACCEPT 591 packets, 37808 bytes) 
pkts bytes target     prot opt in     out     source               
destination     
465 41285 MASQUERADE  all  --  any    any     192.168.0.0/24       
anywhere    


That is it for rules.  Now, if I sniff on eth0 I see the incoming syn 
packets for the webserver but no replies.  HELP!  I am clueless as to why 
this is not working.  

Beer next time I am in NC for whomever gets me a solve.  I have got to get 
this sucker fixed asap!

Thanks!

Jeri