Локальная сеть, шлюз, iptables, HELP

Доброго всем времени суток.
Есть сервер который ходит в инет через VPN. Есть локальная сеть которая ходит в инет через сервер. Как настроить Iptables так что бы из сети все могли ходить куда угодно, а в сеть никого не пускало?

Написал правила, но ничего не работает. Сервер в инет лезет, а локалку не пускает.

# Generated by iptables-save v1.4.4 on Sat May 15 17:43:56 2010
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]

-A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Sat May 15 17:43:56 2010
# Generated by iptables-save v1.4.4 on Sat May 15 17:43:56 2010
*mangle
:PREROUTING ACCEPT [4439:309956]
:INPUT ACCEPT [2044:164373]
:FORWARD ACCEPT [2116:125292]
:OUTPUT ACCEPT [17435:1241285]
:POSTROUTING ACCEPT [3240:299687]
COMMIT
# Completed on Sat May 15 17:43:56 2010
# Generated by iptables-save v1.4.4 on Sat May 15 17:43:56 2010
*filter
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state -s 192.168.0.0/24 -i eth1 --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -m state -d 10.22.100.3/32 -i eth0 --state ESTABLISHED -j ACCEPT
-A INPUT -m state -d 172.16.0.1/32 -i ppp0 --state ESTABLISHED -j ACCEPT
-A FORWARD -m state -s 192.168.0.0/24 -i eth1 --state NEW,ESTABLISHED -j ACCEPT
-A FORWARD -m state -d 192.168.0.0/24 -i eth0 --state ESTABLISHED -j ACCEPT
-A FORWARD -m state -d 172.18.0.0/16 -i eth0 --state ESTABLISHED -j ACCEPT
-A FORWARD -m state -d 192.168.0.0/24 -i ppp0 --state ESTABLISHED -j ACCEPT
-A FORWARD -m state -d 172.18.0.0/16 -i ppp0 --state ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -m state -d 192.168.0.0/24 -o eth1 --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -m state -o eth0 --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -m state -o ppp0 --state NEW,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Sat May 15 17:43:56 2010



На сервере eth0 смотрит в инет, eth1 в локалку.
ifconfig

eth0 Link encap:Ethernet HWaddr e0:cb:4e:0b:f1:0a
inet addr:172.18.44.181 Bcast:172.18.45.255 Mask:255.255.254.0
inet6 addr: 2002:bc85:ded8:4:e2cb:4eff:fe0b:f10a/64 Scope:Global
inet6 addr: fec0::4:e2cb:4eff:fe0b:f10a/64 Scope:Site
inet6 addr: fec0::b:e2cb:4eff:fe0b:f10a/64 Scope:Site
inet6 addr: 2002:bc85:de3f:b:e2cb:4eff:fe0b:f10a/64 Scope:Global
inet6 addr: fe80::e2cb:4eff:fe0b:f10a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8382 errors:0 dropped:0 overruns:0 frame:0
TX packets:4602 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1896131 (1.8 MB) TX bytes:715344 (715.3 KB)
Interrupt:18

eth1 Link encap:Ethernet HWaddr e0:cb:4e:0b:f1:09
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::e2cb:4eff:fe0b:f109/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4169 errors:0 dropped:0 overruns:0 frame:0
TX packets:3187 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:595794 (595.7 KB) TX bytes:1584163 (1.5 MB)
Interrupt:17

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

ppp0 Link encap:Point-to-Point Protocol
inet addr:188.133.22.9 P-t-P:172.16.0.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:2774 errors:0 dropped:0 overruns:0 frame:0
TX packets:3303 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:1312637 (1.3 MB) TX bytes:467104 (467.1 KB)



подскажите пожалуйста что не так?