Hello,
Finally I was able to code the firewall exactly as it is intended to operate. It was tough, and I even tried to cheat by using Firestarter on a live session and copying the resulting code, but it turned out to be even more complex than what I wanted. I even tried Shorewall, but it did not suit my purpose. I was almost giving up but finally got the wall up. Now I have understood the main concepts and what goes to which table/chain.
In this setup, there are 15 machines in a LAN and, except for 4 senior users, no one had internet access. However, the company decided to get a remote office setup at their website, and everyone would pass on memos, to-dos, jobs, etc. through it. Therefore net access had to be enabled, but only to that website. The 4 main users would still have to be allowed to go anywhere on the net.
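
The policy described above can be expressed as a default-deny FORWARD chain on the gateway. The script below is an added example, not part of the original post or the poster's own rules: it prints the `iptables` commands for review instead of applying them. The interface names, LAN addresses, website address and resolver address are constructed placeholders, and it assumes NAT and the gateway's own INPUT rules are handled elsewhere.

```shell
#!/bin/sh
# Added example: prints iptables commands for the forwarding policy in the post.
# Every value below is a constructed placeholder, not taken from the post.
LAN_IF="eth1"            # assumed LAN-facing interface
WAN_IF="eth0"            # assumed internet-facing interface
SENIOR_IPS="192.168.1.11 192.168.1.12 192.168.1.13 192.168.1.14"
SITE_IP="203.0.113.10"   # assumed fixed address of the company website
DNS_IP="198.51.100.53"   # assumed upstream resolver used by the LAN

gen_forward_rules() {
    # Default deny: anything not explicitly allowed below is dropped.
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    # Return traffic for connections that were allowed outbound.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # The four senior users may go anywhere.
    for ip in $SENIOR_IPS; do
        echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $ip -j ACCEPT"
    done
    # Everyone else needs name resolution to reach the site at all.
    for proto in udp tcp; do
        echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p $proto -d $DNS_IP --dport 53 -j ACCEPT"
    done
    # Everyone else: web traffic to the company website only.
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p tcp -d $SITE_IP -m multiport --dports 80,443 -j ACCEPT"
    # Rate-limited log of LAN traffic that falls through to the DROP policy.
    echo "iptables -A FORWARD -i $LAN_IF -m limit --limit 5/min -j LOG --log-prefix \"FWD-DROP: \""
}

gen_forward_rules
```

Matching on source address only holds if the senior machines keep fixed addresses (static leases), and the website rule has to be updated whenever the site's address changes.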