Thanx for your answer. i thougd somewhat the same as what u desribe. But still the problem. u tell me that if i connect from the lan side, my chains are configered correct if i remove the rules described by u.

If i connect my vpn from lan, i have no internet connection anymore when the forward chain is in drop mode. when i put it to accept, i have working internet again during my pptp session.
So my question is how to accomplish that one. with the forward chain on drop mode.