See this article for NAT configuration.
Hairpin NAT configuration:
The above (see the NAT howto) all works very well if your 192.168.1.x hosts sit in a DMZ on the firewall, however!
If you want to direct traffic to a host on the LAN segment, you need some additional NAT rule trickery.
You need to create a so called ‘hairpin’ NAT rule:
NAT rules:
1) Do not translate between these networks: (Address translation tab)
2) Hairpin NAT (Address translation tab)
3) Inbound NAT rules (Address translation tab)
4) Hide NAT rules: (Address translation tab)
5) Inbound rules: (Security tab)