Fully patched, I'm trying to establish an HTTP connection to this link, http://xcfspam1.messagingarchitects.com. On the public side it works fine. The end result is a login prompt. On the private side it times out. If I unload ipflt it works on the private side. I have conversations from both sides but cannot attach them here so I'm pasting them into this post. I have run out of ideas on what could be blocking this connection.

Thanks for any input

INSIDE THE FIREWALL
No. Time Source Destination Protocol Length Info
3 1.582788 10.10.6.105 10.10.3.10 DNS 92 Standard query A xcfspam1.messagingarchitects.com

Frame 3: 92 bytes on wire (736 bits), 92 bytes captured (736 bits)
Ethernet II, Src: G-ProCom_06:a9:82 (00:23:24:06:a9:82), Dst: Hewlett-_1f:30:67 (00:13:21:1f:30:67)
Internet Protocol Version 4, Src: 10.10.6.105 (10.10.6.105), Dst: 10.10.3.10 (10.10.3.10)
User Datagram Protocol, Src Port: 52954 (52954), Dst Port: domain (53)
Domain Name System (query)

No. Time Source Destination Protocol Length Info
4 1.584601 10.10.3.10 10.10.6.105 DNS 307 Standard query response CNAME www.sortmonster.net A 204.232.237.0

Frame 4: 307 bytes on wire (2456 bits), 307 bytes captured (2456 bits)
Ethernet II, Src: Hewlett-_1f:30:67 (00:13:21:1f:30:67), Dst: G-ProCom_06:a9:82 (00:23:24:06:a9:82)
Internet Protocol Version 4, Src: 10.10.3.10 (10.10.3.10), Dst: 10.10.6.105 (10.10.6.105)
User Datagram Protocol, Src Port: domain (53), Dst Port: 52954 (52954)
Domain Name System (response)

No. Time Source Destination Protocol Length Info
5 1.585154 10.10.6.105 204.232.237.0 TCP 62 mentaclient > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1

Frame 5: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: G-ProCom_06:a9:82 (00:23:24:06:a9:82), Dst: Hewlett-_39:a0:49 (00:1b:78:39:a0:49)
Internet Protocol Version 4, Src: 10.10.6.105 (10.10.6.105), Dst: 204.232.237.0 (204.232.237.0)
Transmission Control Protocol, Src Port: mentaclient (2117), Dst Port: http (80), Seq: 0, Len: 0

No. Time Source Destination Protocol Length Info
6 2.303880 10.10.6.105 204.232.237.0 TCP 62 mentaclient > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1

Frame 6: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: G-ProCom_06:a9:82 (00:23:24:06:a9:82), Dst: Hewlett-_39:a0:49 (00:1b:78:39:a0:49)
Internet Protocol Version 4, Src: 10.10.6.105 (10.10.6.105), Dst: 204.232.237.0 (204.232.237.0)
Transmission Control Protocol, Src Port: mentaclient (2117), Dst Port: http (80), Seq: 0, Len: 0

No. Time Source Destination Protocol Length Info
7 3.453731 10.10.6.105 204.232.237.0 TCP 62 mentaclient > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1

Frame 7: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: G-ProCom_06:a9:82 (00:23:24:06:a9:82), Dst: Hewlett-_39:a0:49 (00:1b:78:39:a0:49)
Internet Protocol Version 4, Src: 10.10.6.105 (10.10.6.105), Dst: 204.232.237.0 (204.232.237.0)
Transmission Control Protocol, Src Port: mentaclient (2117), Dst Port: http (80), Seq: 0, Len: 0

OUTSIDE THE FIREWALL
No. Time Source Destination Protocol Length Info
1 0.000000 38.124.22.217 66.28.0.45 DNS 92 Standard query A xcfspam1.messagingarchitects.com

Frame 1: 92 bytes on wire (736 bits), 92 bytes captured (736 bits)
Ethernet II, Src: G-ProCom_06:a9:82 (00:23:24:06:a9:82), Dst: Cisco_0f:18:00 (00:18:73:0f:18:00)
Internet Protocol Version 4, Src: 38.124.22.217 (38.124.22.217), Dst: 66.28.0.45 (66.28.0.45)
User Datagram Protocol, Src Port: 53641 (53641), Dst Port: domain (53)
Domain Name System (query)

No. Time Source Destination Protocol Length Info
2 0.001010 66.28.0.45 38.124.22.217 DNS 379 Standard query response CNAME www.sortmonster.net A 204.232.237.0

Frame 2: 379 bytes on wire (3032 bits), 379 bytes captured (3032 bits)
Ethernet II, Src: Cisco_0f:18:00 (00:18:73:0f:18:00), Dst: G-ProCom_06:a9:82 (00:23:24:06:a9:82)
Internet Protocol Version 4, Src: 66.28.0.45 (66.28.0.45), Dst: 38.124.22.217 (38.124.22.217)
User Datagram Protocol, Src Port: domain (53), Dst Port: 53641 (53641)
Domain Name System (response)

No. Time Source Destination Protocol Length Info
3 0.001587 38.124.22.217 204.232.237.0 TCP 62 audit-transfer > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1

Frame 3: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: G-ProCom_06:a9:82 (00:23:24:06:a9:82), Dst: Cisco_0f:18:00 (00:18:73:0f:18:00)
Internet Protocol Version 4, Src: 38.124.22.217 (38.124.22.217), Dst: 204.232.237.0 (204.232.237.0)
Transmission Control Protocol, Src Port: audit-transfer (1146), Dst Port: http (80), Seq: 0, Len: 0

No. Time Source Destination Protocol Length Info
4 0.006501 204.232.237.0 38.124.22.217 TCP 62 http > audit-transfer [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 SACK_PERM=1

Frame 4: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Cisco_0f:18:00 (00:18:73:0f:18:00), Dst: G-ProCom_06:a9:82 (00:23:24:06:a9:82)
Internet Protocol Version 4, Src: 204.232.237.0 (204.232.237.0), Dst: 38.124.22.217 (38.124.22.217)
Transmission Control Protocol, Src Port: http (80), Dst Port: audit-transfer (1146), Seq: 0, Ack: 1, Len: 0

No. Time Source Destination Protocol Length Info
5 0.006517 38.124.22.217 204.232.237.0 TCP 54 audit-transfer > http [ACK] Seq=1 Ack=1 Win=65535 Len=0

Frame 5: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: G-ProCom_06:a9:82 (00:23:24:06:a9:82), Dst: Cisco_0f:18:00 (00:18:73:0f:18:00)
Internet Protocol Version 4, Src: 38.124.22.217 (38.124.22.217), Dst: 204.232.237.0 (204.232.237.0)
Transmission Control Protocol, Src Port: audit-transfer (1146), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0

No. Time Source Destination Protocol Length Info
6 0.006645 38.124.22.217 204.232.237.0 HTTP 790 GET / HTTP/1.1

Frame 6: 790 bytes on wire (6320 bits), 790 bytes captured (6320 bits)
Ethernet II, Src: G-ProCom_06:a9:82 (00:23:24:06:a9:82), Dst: Cisco_0f:18:00 (00:18:73:0f:18:00)
Internet Protocol Version 4, Src: 38.124.22.217 (38.124.22.217), Dst: 204.232.237.0 (204.232.237.0)
Transmission Control Protocol, Src Port: audit-transfer (1146), Dst Port: http (80), Seq: 1, Ack: 1, Len: 736
Hypertext Transfer Protocol

No. Time Source Destination Protocol Length Info
7 0.016994 204.232.237.0 38.124.22.217 TCP 60 http > audit-transfer [ACK] Seq=1 Ack=737 Win=6624 Len=0

Frame 7: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Cisco_0f:18:00 (00:18:73:0f:18:00), Dst: G-ProCom_06:a9:82 (00:23:24:06:a9:82)
Internet Protocol Version 4, Src: 204.232.237.0 (204.232.237.0), Dst: 38.124.22.217 (38.124.22.217)
Transmission Control Protocol, Src Port: http (80), Dst Port: audit-transfer (1146), Seq: 1, Ack: 737, Len: 0

No. Time Source Destination Protocol Length Info
8 0.017706 204.232.237.0 38.124.22.217 HTTP 720 HTTP/1.1 401 Authorization Required (text/html)

Frame 8: 720 bytes on wire (5760 bits), 720 bytes captured (5760 bits)
Ethernet II, Src: Cisco_0f:18:00 (00:18:73:0f:18:00), Dst: G-ProCom_06:a9:82 (00:23:24:06:a9:82)
Internet Protocol Version 4, Src: 204.232.237.0 (204.232.237.0), Dst: 38.124.22.217 (38.124.22.217)
Transmission Control Protocol, Src Port: http (80), Dst Port: audit-transfer (1146), Seq: 1, Ack: 737, Len: 666
Hypertext Transfer Protocol
Line-based text data: text/html

No. Time Source Destination Protocol Length Info
11 0.151411 38.124.22.217 204.232.237.0 TCP 54 audit-transfer > http [ACK] Seq=737 Ack=667 Win=64869 Len=0

Frame 11: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: G-ProCom_06:a9:82 (00:23:24:06:a9:82), Dst: Cisco_0f:18:00 (00:18:73:0f:18:00)
Internet Protocol Version 4, Src: 38.124.22.217 (38.124.22.217), Dst: 204.232.237.0 (204.232.237.0)
Transmission Control Protocol, Src Port: audit-transfer (1146), Dst Port: http (80), Seq: 737, Ack: 667, Len: 0

No. Time Source Destination Protocol Length Info
13 1.167284 204.232.237.0 38.124.22.217 TCP 60 http > audit-transfer [FIN, ACK] Seq=667 Ack=737 Win=6624 Len=0

Frame 13: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Cisco_0f:18:00 (00:18:73:0f:18:00), Dst: G-ProCom_06:a9:82 (00:23:24:06:a9:82)
Internet Protocol Version 4, Src: 204.232.237.0 (204.232.237.0), Dst: 38.124.22.217 (38.124.22.217)
Transmission Control Protocol, Src Port: http (80), Dst Port: audit-transfer (1146), Seq: 667, Ack: 737, Len: 0

No. Time Source Destination Protocol Length Info
14 1.167312 38.124.22.217 204.232.237.0 TCP 54 audit-transfer > http [ACK] Seq=737 Ack=668 Win=64869 Len=0

Frame 14: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: G-ProCom_06:a9:82 (00:23:24:06:a9:82), Dst: Cisco_0f:18:00 (00:18:73:0f:18:00)
Internet Protocol Version 4, Src: 38.124.22.217 (38.124.22.217), Dst: 204.232.237.0 (204.232.237.0)
Transmission Control Protocol, Src Port: audit-transfer (1146), Dst Port: http (80), Seq: 737, Ack: 668, Len: 0
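
An added example, not part of the original post: a small Python parser for Wireshark summary rows like the ones pasted above, listing TCP handshakes whose SYN never received a SYN, ACK. The sample rows are copied from the two captures in the post; the function and variable names are this example's own.

```python
import re

# One TCP row of a Wireshark summary text export:
# No. Time Source Destination Protocol Length Info
ROW = re.compile(
    r"^\s*(\d+)\s+(\d+\.\d+)\s+(\S+)\s+(\S+)\s+TCP\s+\d+\s+"
    r"(\S+)\s+>\s+(\S+)\s+\[([^\]]+)\]"
)

def unanswered_syns(export_text):
    """Return {(src, dst, sport, dport): [SYN times]} for flows with no SYN, ACK."""
    pending = {}
    for line in export_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # column headers, frame detail lines, DNS/HTTP rows
        _, t, src, dst, sport, dport, flags = m.groups()
        flagset = {f.strip() for f in flags.split(",")}
        if flagset == {"SYN"}:
            # Initial SYN or a retransmission of it: record the timestamp.
            pending.setdefault((src, dst, sport, dport), []).append(float(t))
        elif flagset == {"SYN", "ACK"}:
            # The reply travels in the reverse direction, so swap endpoints.
            pending.pop((dst, src, dport, sport), None)
    return pending

# Rows copied from the post's "inside the firewall" capture.
INSIDE = """\
No. Time Source Destination Protocol Length Info
5 1.585154 10.10.6.105 204.232.237.0 TCP 62 mentaclient > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
Frame 5: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
6 2.303880 10.10.6.105 204.232.237.0 TCP 62 mentaclient > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
7 3.453731 10.10.6.105 204.232.237.0 TCP 62 mentaclient > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
"""

# Rows copied from the post's "outside the firewall" capture.
OUTSIDE = """\
3 0.001587 38.124.22.217 204.232.237.0 TCP 62 audit-transfer > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
4 0.006501 204.232.237.0 38.124.22.217 TCP 62 http > audit-transfer [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 SACK_PERM=1
5 0.006517 38.124.22.217 204.232.237.0 TCP 54 audit-transfer > http [ACK] Seq=1 Ack=1 Win=65535 Len=0
6 0.006645 38.124.22.217 204.232.237.0 HTTP 790 GET / HTTP/1.1
"""

if __name__ == "__main__":
    for name, text in (("inside", INSIDE), ("outside", OUTSIDE)):
        for flow, times in unanswered_syns(text).items():
            print(name, flow, "SYN sent at", times, "with no SYN, ACK")
```

On the inside rows it reports one flow with three SYNs and no reply; on the outside rows, where the handshake completes, it reports nothing.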