Here is the scenario.

I have workstations that connect to a remote Unix server and run an application. In order to make this work through NAT, I have added secondary IP addresses to the public interface and statically NAT'd one address to each workstation and each network printer that needs to be set up for this application.

On the application side, I have had to set up their terminal emulation to see the internal host address as the statically NAT'd public address, and the application works fine.

I have set up printers using both the statically NAT'd public address with no luck. I have also set up the printers using the private internal address with no luck (even with the filters unloaded), but if I turn off NAT, everything works fine. When I ping the private address of the printers (with filters unloaded), ping works fine. When I trace route to the private address of the printer, it stops at the public server NIC with the statically NAT'd address.

My simple rules are as follows:

Outbound Rule
Source interface: Private
Dest. Interface: Public
Packet Type : TCP Source Any Dest. Any
Source address: <a limited # of my private network IP range>
Dest. Address: <Host server IP address>

Inbound rule is the reverse of the outbound rule.

Basically, I allow any type of TCP traffic from my local LAN out to that specific IP and any TCP traffic originating from that IP back in.

Any ideas where I could be going wrong?

Steve D.