Now do:

apt-get install libmd5-perl libnet-ssleay-perl libauthen-pam-perl libio-pty-perl shorewall dnsmasq openssl

wget http://surfnet.dl.sourceforge.net/sourceforge/webadmin/webmin_1.390_all.deb

"surfnet" is the dutch server. Change that to "heanet"(for Ireland), "belnet"(for Belgium), "mesh" (for Germany) and so on.

dpkg -i webmin_1.390_all.deb

cp /usr/share/doc/shorewall/examples/two-interfaces/* /etc/shorewall/

cd /etc/shorewall

gunzip interfaces.gz masq.gz rules.gz

Now open your browser and login to webmin at https://192.168.1.1:10000 as root with your root password and, using webmin's shorewall module, change the policy's and rules of your firewall as needed (for now, I only set the rules file to the example as shown, you may copy and paste my rules file for starters, if you don't like webmin).

Also set in /etc/shorewall/shorewall.conf  the line "IP_FORWARDING=Keep"  to  "IP_FORWARDING=On" (without quotes)
and enable the firewall in /etc/default/shorewall.

My /etc/shorewall/rules  now looks like this:

#############################################################################################################
#ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/
#							PORT	PORT(S)		DEST		LIMIT		GROUP
#								PORT	PORT(S) DEST			LIMIT	GROUP
#
#	Accept DNS connections from the firewall to the network
#
DNS/ACCEPT	$FW		net
ACCEPT	$FW	net	all
ACCEPT	$FW	loc	all
ACCEPT	loc	$FW	all
#
#	Accept SSH connections from the local network for administration
#
SSH/ACCEPT	loc		$FW
#
#	Allow Ping from the local network
#
Ping/ACCEPT	loc		$FW
#
# Reject Ping from the "bad" net zone.. and prevent your log from being flooded..
#
Ping/REJECT	net		$FW
ACCEPT		$FW		loc		icmp
ACCEPT		$FW		net		icmp
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

rm /etc/shorewall/README.txt Makefile

/etc/init.d/shorewall start

You should be able now to surf the net.

DO NOT PROCEED UNTILL YOU SUCCEED IN SURFING THE NET.  SINCE THIS IS YOUR FRAMEWORK. IT HAS TO BE OK.