Re: simple router
I recommend using the ppp daemon to handle the pppoe setup instead of the DSL modem. Most DSL modems can be put into bridge mode so the auth can be handled by an internal device(your debian firewall). This will allow you to have more control and therefore assist in troubleshooting issues. This will also eliminate the publicly unroutable IP and subnet on your wan interface which will then be ppp0.
# apt-get install pppoeconf
In either case you should post the output of the following but only after ensuring you can get out from the firewall machine.
# iptables -t nat -L -n -v
# iptables -t filter -L -n -v
# iptables -t mangle -L -n -v
# route -n
# cat /proc/sys/net/ipv4/ip_forward
NOTE: feel free to replace ip info with <REMOVED> or something similar if leaking of this info is a concern just make sure its a valid IP before sending the info. Also if iptables is not your strongest skill you could use ipmasq or another wrapper script ie: firehol etc. I REALLY recommend writing your own though.