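#!/usr/bin/env bash
# Stateful FORWARD policy for a two-interface gateway:
#   eth0 = external (untrusted) side, eth1 = internal side,
#   192.168.1.5 = the one internal host exposed to the outside.
# Rules are evaluated top to bottom and the first match wins, so order matters.
# Abort on the first failing command: a half-loaded rule set is worse than none.
set -eu

# Connection tracking is required by the stateful (-m state) rules below.
# The modules were historically called ip_conntrack*; try that name first and
# fall back to the nf_conntrack* name used by current kernels.
modprobe ip_conntrack || modprobe nf_conntrack
modprobe ip_conntrack_ftp || modprobe nf_conntrack_ftp

# Put the state rules at the head of FORWARD. -I inserts at position 1, so
# after both inserts RELATED,ESTABLISHED ACCEPT sits above INVALID DROP; an
# INVALID packet is never ESTABLISHED, so that order changes nothing.
# (-m state is the older spelling of -m conntrack --ctstate; both are accepted.)
iptables -I FORWARD -m state --state INVALID -j DROP
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# Internal -> external: every new outbound connection is allowed.
iptables -A FORWARD --in-interface eth1 --out-interface eth0 -j ACCEPT

# External -> internal: only these TCP services on 192.168.1.5 are reachable.
# Service names are resolved through /etc/services when the rule is loaded.
for svc in smtp pop-3 ssh; do
  iptables -A FORWARD --in-interface eth0 --out-interface eth1 \
    -p tcp -d 192.168.1.5 --destination-port "$svc" -j ACCEPT
done

# Everything else arriving from outside for the internal side is refused.
# This catch-all deliberately has no -d match: the earlier form
# (-d ! 192.168.1.5 -j REJECT) refused only traffic for OTHER internal hosts,
# so any port on 192.168.1.5 not listed above fell through to the chain's
# default policy, which this script does not set (ACCEPT on a fresh system).
# REJECT answers with an error packet; change to -j DROP if external hosts
# should get no response at all.
iptables -A FORWARD --in-interface eth0 --out-interface eth1 -j REJECT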