You could do a tail -f of your ~nsadmin/log/ access log, and see if Aolserver is actually returning a request from outside your network. If it is, then the firewall is just not letting the packets back out.
If you're using iptables but aren't totally sure you know what you're doing, you might look into NARC, a series of scripts that set up iptables for Linux according to an easy to set up configuration file. It also handles DMZs, and is easy to set up. It's currently at version 0.5.1 I think.
If it isn't receiving the request from outside the network, but tcpdump is still receiving the packets, then Aolserver may be set up wrong. I'm not sure what to suggest there.
