Don't take what I am saying to be condescending, I don't mean it that way. Here is a list of what we know from your statements so far:
1) you have physical and logical connectivity to your server from the workstations.
2) You have physical and logical connectivity from your server to the internet.
3) You are able to resolve URL's to ip addresses at the server.
Now what is left from the workstations:
Do you have DNS available at the workstation --- test= ping
www.yahoo.com from workstation and watch for it to actually get an ip address to ping
What is the workstation gateway set to? Is it your server?
On the server:
what does the routing table look like? Is the traffic from your network going to get out through your server?
I am a bit bothered by what is in the iptables when it should be off. I only have a few entries in the inospoof chain. Like you I am not an expert on iptables.