Here is the scenario.

I have workstations that connect to a remote Unix server and run an
application. In order to make this work through NAT, I have added
secondary IP addresses to the public interface. Statically NAT'd one
address to each workstation and each network printer that needs to be
set up for this application.

On the application side, I have had to set up their terminal emulation
see the internal host address as the statically NAT'd public address
the application works fine.

I have set up printers using both the statically NAT'd public address
no luck. I have also set up the printers using the private internal
address with no luck (even with the filters unloaded), but if I turn
NAT, everything works fine. When I ping the private address of the
printers (with filters unloaded), ping works fine. When I trace route
the private address of the printer, it stops at the public server NIC
the statically NAT'd address.

My simple rules are as follows:

Outbound Rule
Source interface: Private
Dest. Interface: Public
Packet Type : TCP Source Any Dest. Any
Source address: <a limited # of my private network IP range>
Dest. Address: <Host server IP address>

Inbound rule is the reverse of the outbound rule.

Basically, I allow any type of TCP traffic from my local LAN out to
specific IP and any TCP traffic originating from that IP back in.

Any ideas where I could be going wrong?

Steve D.