routing problem

Simon Simon
Tue Aug 19 13:00:02 BST 2003


Hi fbsd-users,

Got a quick routing question here. First of all I'll explain roughly how
our network is set up, and hopefully if anyone can spot any obvious
schoolboy errors that would be greatly appreciated.

Block of 8 IP addresses assigned to ADSL.

(Using 10.0.0.x instead of the real external IP addresses)

ADSL ROUTER (10.0.0.1 - on both interfaces)
       |
     SWITCH --- WEB_SERVER(10.0.0.3) (other 3 IPs are to be assigned to other servers shortly)
       |
     closedbsd (freebsd w/ipfw) firewall doing nat (outside:10.0.0.2, inside:192.168.0.1)
       |
     SWITCH
       |
     workstations (192.168.0.x)

The ipfw rules are quite (in fact VERY) basic - once it's working properly
I'll tweak these.

<>
divert natd ip from any to any via outside_iface
allow ip from any to any
</>

- Note that there are currently no packets being blocked on this box.

That's the basic network design. We also have IDS etc., but that's
irrelevant for this problem.

OK, now for some unknown reason, from the workstations I cannot connect to
certain servers (e.g. my box on my DSL at home); however, the web_server
can.

If I perform a traceroute from the web_server it goes through each hop
fine. If I perform a traceroute from one of the workstations, it gets to
the first hop fine (ipfw box), then times out on the rest; DNS is all
working fine. There aren't any rules on the ADSL router that block anything
from the ipfw box, and it isn't blocking outbound ICMP/UDP/TCP.

Now the bit that puzzles me is that it's only some IP ranges it doesn't
work for.. I can connect to a friend's box then on to mine at home fine.
Can connect to mine from the web_server, just not to mine behind the nat'd
setup..

I would have thought if there were a problem with our setup then surely
traceroutes/ssh etc. wouldn't work at all, rather than just on some IP
ranges? The only thing I could think of could be the TTLs?

Anyone got any ideas why this is happening? And/or how I can fix this?

TIA

Simon





More information about the Ukfreebsd mailing list