Firewall/NAT

Trying to forward VNC ports across the M0n0wall to an internal host.

I have NAT:Inbound set up as the following:
If: WAN
Proto: TCP/UDP
Ext port range: 5900
NAT IP: 192.168.x.x (ip address of internal workstation)
Int. port range: 5900

I have Firewall:Rules set up as the following:
WAN
Proto: TCP/UDP
Source: *
Port: 5900
Destination: 192.168.x.x (ip address of internal workstation)
Port: 5900

When I test connecting to their external IP address with VNC from a computer outside of the office, the connection times out.

I can connect to the computer via VNC internally.

I am guessing I have done something wrong with the config, but I'm stumped.  Any advice would be greatly appreciated!

I suggest changing this:

WAN
Proto: TCP/UDP
Source: *
Port: 5900
Destination: 192.168.x.x (ip address of internal workstation)
Port: 5900

To this:

WAN
Proto: TCP/UDP
Source: *
Port: *
Destination: 192.168.x.x (ip address of internal workstation)
Port: 5900

That did the trick! thanks fredg!

Thinking of security...
Make sure you have a really secure password and I would recomend changing the external port to something non VNC standard.
IE
On the NAT page
WAN  TCP  678  192.168.1.148  5900 

On the firewall page
TCP  *  *  192.168.1.148  5900 

Then on the VNC client for the host addy put "pub ip:678"

Or even better yet tunnel the VNC thru VPN this exposes less open ports to the bad internet.