iptables first attempt


Hi Guys

I'm having a go at setting up an internet gateway myself. My configuration seems to work fine, but I was just curious if I'd done anything obviously stupid or omitted something important? The main thing I was going for is that nothing should be incoming other than ftp, http and https to 10.0.0.24, and that the box should provide normal internet access for all the computers on my LAN. eth0 is my connection to the internet and eth1 is my LAN.

Thanks

# Generated by iptables-save v1.4.12 on Mon Feb 18 12:28:57 2013
*filter
:INPUT ACCEPT [986:236399]
:FORWARD ACCEPT [61:9702]
:OUTPUT ACCEPT [1446:199609]
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -j DROP
-A INPUT -i lo -j ACCEPT
-A FORWARD -d 10.0.0.24/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 10.0.0.24/32 -p tcp -m tcp --dport 21 -j ACCEPT
-A FORWARD -d 10.0.0.24/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -j LOG
COMMIT
# Completed on Mon Feb 18 12:28:57 2013
# Generated by iptables-save v1.4.12 on Mon Feb 18 12:28:57 2013
*nat
:PREROUTING ACCEPT [7085:1080699]
:INPUT ACCEPT [215:56651]
:OUTPUT ACCEPT [1349:87741]
:POSTROUTING ACCEPT [53:3236]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.24:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.0.0.24:443
-A PREROUTING -i eth0 -p tcp -m tcp --dport 21 -j DNAT --to-destination 10.0.0.24:21
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Feb 18 12:28:57 2013

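The questions the post raises (is anything incoming beyond the three forwarded ports, and did the ruleset omit something important) can be checked offline against the iptables-save text rather than by probing the box. The script below is an added example, not code from the poster or from the iptables project. It embeds the posted ruleset as a constructed sample and runs three checks a reviewer would make: every nat DNAT target has an explicit FORWARD ACCEPT; INPUT and FORWARD end in a catch-all DROP rather than relying on an ACCEPT policy (note that the trailing `-A FORWARD -j LOG` only records unmatched packets, it does not stop them); and INPUT admits RELATED,ESTABLISHED replies on the WAN side before the blanket eth0 DROP, which the gateway needs for its own outbound connections. The function names and the findings format are this example's own.

```python
"""Offline sanity checks for an iptables-save dump (added example, not from the post)."""
import shlex

# Constructed sample input: the ruleset posted above, without the timestamp comments.
SAMPLE_DUMP = """\
*filter
:INPUT ACCEPT [986:236399]
:FORWARD ACCEPT [61:9702]
:OUTPUT ACCEPT [1446:199609]
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -j DROP
-A INPUT -i lo -j ACCEPT
-A FORWARD -d 10.0.0.24/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 10.0.0.24/32 -p tcp -m tcp --dport 21 -j ACCEPT
-A FORWARD -d 10.0.0.24/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -j LOG
COMMIT
*nat
:PREROUTING ACCEPT [7085:1080699]
:INPUT ACCEPT [215:56651]
:OUTPUT ACCEPT [1349:87741]
:POSTROUTING ACCEPT [53:3236]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.24:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.0.0.24:443
-A PREROUTING -i eth0 -p tcp -m tcp --dport 21 -j DNAT --to-destination 10.0.0.24:21
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""

# iptables options that take one argument; anything else is recorded as a bare flag.
VALUE_OPTS = {"-A", "-i", "-o", "-d", "-s", "-p", "-m", "-j",
              "--dport", "--sport", "--state", "--to-destination", "--reject-with"}


def parse_rule(line):
    """Turn one '-A CHAIN ...' line into a dict of option -> value."""
    tokens = shlex.split(line)
    rule, i = {}, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in VALUE_OPTS and i + 1 < len(tokens):
            rule[tok] = tokens[i + 1]
            i += 2
        else:
            rule[tok] = True
            i += 1
    return rule


def parse_dump(text):
    """Return {table: {"policy": {chain: policy}, "rules": {chain: [rule, ...]}}}."""
    tables, table = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            table = tables.setdefault(line[1:], {"policy": {}, "rules": {}})
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            table["policy"][chain] = policy
            table["rules"].setdefault(chain, [])
        elif line.startswith("-A "):
            rule = parse_rule(line)
            table["rules"].setdefault(rule["-A"], []).append(rule)
    return tables


def is_catch_all_drop(rule):
    """True for a DROP/REJECT rule with no match criteria (a terminal default deny)."""
    matches = {k for k in rule if k not in {"-A", "-j", "--reject-with"}}
    return rule.get("-j") in {"DROP", "REJECT"} and not matches


def audit(text):
    """Run the three checks and return a dict of findings."""
    empty = {"policy": {}, "rules": {}}
    tables = parse_dump(text)
    filt, nat = tables.get("filter", empty), tables.get("nat", empty)
    findings = {"dnat_without_forward": [], "open_chains": [], "input_stateful": False}

    # 1. Each DNAT target needs an explicit FORWARD ACCEPT for that address and port;
    #    otherwise the rewritten packet is admitted only by the chain policy.
    forward_accepts = {(r.get("-d", "").split("/")[0], r.get("--dport"))
                       for r in filt["rules"].get("FORWARD", []) if r.get("-j") == "ACCEPT"}
    for r in nat["rules"].get("PREROUTING", []):
        if r.get("-j") == "DNAT":
            ip, _, port = r["--to-destination"].partition(":")
            if (ip, port or r.get("--dport")) not in forward_accepts:
                findings["dnat_without_forward"].append(f"{ip}:{port}")

    # 2. INPUT and FORWARD should end in a catch-all DROP: with an ACCEPT policy,
    #    whatever the earlier rules did not match is let through (LOG does not stop it).
    for chain in ("INPUT", "FORWARD"):
        rules = filt["rules"].get(chain, [])
        if filt["policy"].get(chain) == "ACCEPT" and not (rules and is_catch_all_drop(rules[-1])):
            findings["open_chains"].append(chain)

    # 3. Replies to the gateway's own outbound connections arrive on the WAN side, so an
    #    ESTABLISHED accept must come before any interface-wide DROP in INPUT.
    for r in filt["rules"].get("INPUT", []):
        if r.get("-j") == "DROP" and "--dport" not in r and "--state" not in r:
            break
        if r.get("-j") == "ACCEPT" and "ESTABLISHED" in r.get("--state", ""):
            findings["input_stateful"] = True
            break
    return findings


if __name__ == "__main__":
    for name, value in audit(SAMPLE_DUMP).items():
        print(f"{name}: {value}")
```

Run against the posted ruleset, the script reports no DNAT without a FORWARD rule, flags both INPUT and FORWARD as relying on their ACCEPT policy, and reports that INPUT has no stateful accept ahead of the eth0 DROP. The parser deliberately handles only the options present in this kind of dump; a ruleset using other match modules would need `VALUE_OPTS` extended.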