Forwarding https across Nethserver unable to connect

I have a port forwarding question:

I’ve setup a ruile to forward port 2525 to an internal server. I can see in the firewall log
ug 1 00:19:48 neth-fw kernel: Shorewall:net_dnat:DNAT:IN=ens160 OUT= MAC=00:0c:29:9f:4a:7c:6a:ee:96:e9:ed:17:08:00 SRC= [**]224.110 DST= LEN=60 TOS=0x00 PREC=0x20 TTL=55 ID=5227 DF PROTO=TCP SPT=22269 DPT=2525 WINDOW=14600 RES=0x00 SYN URGP=0

and I see the incoming packet in tcpudmp
00:22:53.873735 IP [**].ms-v-worlds: Flags [S], seq 1960468865, win 14600, options [mss 1460,sackOK,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,wscale 7], length 0

But if I tcpdump the internal interface I don’t see the NAT’ed connection.

Any thoughts on where to look next?

Can you tell us something about the configuration?

How are the settings for the rule for example.

I’ve made a few changes just to simplify things. I am trying to forward an https connection across the firewall to an internal https server.
The rule is forward from the red network, port 443-443 any source to an internal https server any time.
Remote access is down right now but I’ll provide a screen shot in a few.