port forwarding

Gary Koskenmaki
Wed Jul 23 00:32:49 CEST 2008


Hi all,

I've read the mailing list archives and don't see anything similar to
the problem I'm having.

I have a test lab in which I use fiaif for the gateway firewall, an
apache server, and a workstation.  I have set up fiaif to port forward
www traffic to the apache server and that works fine from any non-local
IP address.  However, I have a problem reaching the apache server
through the gateway from the workstation.  Telnetting into the server
tells me "connection refused" although I know the port is open.
Sniffing the traffic from a browser attempting to access the web server
from the workstation on the LAN shows the firewall is giving me packets
with the rst,ack flags set.

Can anyone give me a clue as to how to work around this?  I'm pretty
puzzled as to what I'm doing wrong.  My best guess is that fiaif is
denying my access to the web server because it's having trouble
forwarding traffic from EXT that originates in INT back into INT.  Would
moving the web server over to the DMZ zone fix this problem?

  


