I am trying to ghost through a m0n0wall box to a lab full of machines
and it isn't working. I think I may be in over my head, but hopefully
I have just made a stupid mistake somewhere.
The monowall box and ghost server are both on our private network
172.22.0.0/16. We recently subnetted our labs (4) using m0n0wall boxes
into different networks, i.e. 172.23.12.0/24, so that we could run
ghost sessions without slowing the entire network. Everything is
working except the actual transfer of the image files to the clients.
That is, all our applications, authentication, internet, filesharing,
printing, etc., are working and the clients have no problem connecting to
the ghost multicast session, but as soon as the ghost server tries to
start the session, it fails or hangs, as if the data can't find or
can't get to the clients. I have been experimenting and I have found
that a unicast to any number of machines will work, but a directed
broadcast or multicast will not. My firewall rules are set up to allow
all traffic, but I still see some blocked traffic, for example:
12:12:33.781780 WAN 172.22.1.9, port 1347 172.23.12.250, port 1025 TCP
I am also using advanced outgoing NAT to allow authentication for our
dansguardian proxy. I suspect that the m0n0wall box is either blocking
the multicast type traffic, or not set up correctly to handle it, or
incapable of doing this at all. I also suspect that I am being a
moron, somewhere in here. Thanks for your time.