I told you not to forget to accept the traffic that is incoming from the WAN.
You could solve it by including the rule

ACCEPT all opt -- in ETH01 out * ->

where ETH01 is the interface that connects your LAN to the Internet.