Can't NAT to WebServer Inside Firewall

My web server is 10.99.255.201. This is windows IIS v6 running
Intellisync's GMS. I want to see this web server on the internet.
The firewall is at 10.99.255.250 (inside) and 207.xx.yy.90 (outside).
This is running SuSE 10.0. I have the "network service" HTTP enabled on
this box but Netstat doesn't show port 80 because Apache is not installed
on this box. The Masquerading table looks like this:

Source Protocol ReqIP ReqPort RederToIP RedirToPort
10.99.0.0/16 tcp any http(80) 207.xx.yy.90 http(80)
207.xx.yy.0/24 tcp 207.xx.yy.90 http(80) 10.99.255.201 http(80)

I hope this is enough information for anyone to determine why it's not
seeing 10.99.255.201's web server from the internet. It can be seen every
try from any host the 207.xx.yy.00 network but not beyond (that is, not
beyond our corporate gateway, which is not filtered at all. I can ssh and
ping through that).

Any suggestions?

In article <pan.2006.09.20.23.15.47.292990@slcusd.org>, Ronald Schow
wrote:
> 207.xx.yy.0/24 tcp 207.xx.yy.90 http(80) 10.99.255.201 http(80)
>
I'm making an educated guess here, not having worked with SuSE's
masquerading, but it seems to me the above says to translate requests
coming from the 207.xx.yy.0/24 network ONLY. That would explain:

> It can be seen every try from any host the 207.xx.yy.00 network
> but not beyond
>
And if my theory is correct, I think what you need is something like
'any' in place of '207.xx.yy.0/24'.

bd
NSC Volunteer SysOp