Re: A question and a little ascii art


 



> But on the LAN side (162.168.0.0) I can't see the app pointing to
> 200.68.69.xxx:15000
Not :15000, follow this:

Some host A (a.b.c.d) asks 200.68.69.1 for a connection, and we see this:

1. Start connection:
	a.b.c.d:1025 -> 200.68.69.1:15000

2. Do NAT:
	200.68.69.1:15000 -> 192.168.0.1:80

3. 192.168.0.1 sends the reply, you should see:
	192.168.0.1:80 -> a.b.c.d:1025

So you won't see packets destined for the firewall with port 15000,
but rather you'd see packets that are destined for a.b.c.d:1025.

By 1025 I mean a random high port that will be the client-side port
for that particular connection.

Regards,
Maciej
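
The three steps above as a small Python model of a DNAT port forward with connection tracking (an added example, not part of the original message). The client address 203.0.113.7 is a constructed stand-in for a.b.c.d, and the class and function names are hypothetical.

```python
from typing import NamedTuple

CLIENT = "203.0.113.7"  # constructed stand-in for a.b.c.d

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

    def __str__(self):
        return f"{self.src}:{self.sport} -> {self.dst}:{self.dport}"

class DnatGateway:
    """Toy model of a DNAT port forward with connection tracking."""

    def __init__(self, rules):
        self.rules = rules    # {(public_ip, public_port): (lan_ip, lan_port)}
        self.conntrack = {}   # expected LAN reply tuple -> original destination

    def inbound(self, pkt):
        """WAN -> LAN: rewrite the destination and remember the mapping."""
        target = self.rules.get((pkt.dst, pkt.dport))
        if target is None:
            return None       # no forward rule: not forwarded in this model
        out = pkt._replace(dst=target[0], dport=target[1])
        self.conntrack[(out.dst, out.dport, out.src, out.sport)] = (pkt.dst, pkt.dport)
        return out

    def outbound(self, pkt):
        """LAN -> WAN: restore the public source on tracked replies."""
        orig = self.conntrack.get(tuple(pkt))
        if orig is None:
            return pkt        # untracked: passes unchanged in this model
        return pkt._replace(src=orig[0], sport=orig[1])

def trace():
    """Return the packets a capture would show on each side of the gateway."""
    gw = DnatGateway({("200.68.69.1", 15000): ("192.168.0.1", 80)})
    wan_in = Packet(CLIENT, 1025, "200.68.69.1", 15000)   # step 1
    lan_in = gw.inbound(wan_in)                           # step 2
    lan_out = Packet(lan_in.dst, lan_in.dport, lan_in.src, lan_in.sport)  # step 3
    return {"wan": [wan_in, gw.outbound(lan_out)], "lan": [lan_in, lan_out]}

def seen_with_port(packets, port):
    """Packets a capture filter on `port` would match."""
    return [p for p in packets if port in (p.sport, p.dport)]

if __name__ == "__main__":
    for side, pkts in trace().items():
        for p in pkts:
            print(f"{side}: {p}")
```

Filtering the LAN-side capture on port 15000 matches nothing in this model; the same filter on the WAN side matches both directions.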


