Alright, so I may have TMG set up incorrectly. I'm going to give you an idea of how I have this set up and you can let me know if this is wrong. The current design may or may not have something to do with the error that I am currently getting.
The topology for how TMG is set up should be at the bottom of this post. So the TMG server is set up as a single-leg firewall (wish I could just do reverse proxy and not firewall); it has a private IP associated to it, and I currently have that IP set up in the internal network range, which I don't think should be right? It should work using only Local Host, but it doesn't; I have to set up the range that the TMG server is using on its interface within the internal network range for communication to function between TMG and our domain or anything else.
So the only reason we use TMG is as a reverse proxy for web sites. On the firewall coming in from the internet, I perform all NAT functions. I also set up a static NAT translation there to send anything coming in over a particular public IP to our TMG server if on port HTTP or HTTPS. TMG does see these requests, so I know that is functioning properly. The problem that I am having right now is with the one site I have published on TMG, an FTP site. When I try to access the site from external, the request hits TMG and I get the below error message. So the message occurs when I try to log in to the FTP site, so you see the source and destination of what is going on, but TMG blocks the connection as "Unidentified IP Traffic (TCP:47778)"?
Denied Connection IRPV-FFTMG 10/3/2011 11:19:49 AM
Log type: Firewall service
Status: A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer.
Rule: None - see Result Code
Source: Local Host (X.X.X.X:443) (This is the TMG host)
Destination: External (X.X.X.X:47778) (This is the host that requested the ftp site)
Protocol: Unidentified IP Traffic (TCP:47778)
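As an added triage helper (not part of the original post and not a TMG tool), the script below parses a denied-connection block in the exact field layout quoted above and flags the pattern it shows: the dropped packet leaves TMG's own listener port (443) for a client ephemeral port, i.e. it is a reply for a session TMG holds no state for. The IPs and hostname in the embedded sample are constructed.

```python
# Added triage helper for TMG "Denied Connection" log blocks; not TMG's own code.
# The sample entry below uses constructed IPs (RFC 5737 ranges) and hostname.
import re

SAMPLE_ENTRY = """Denied Connection IRPV-FFTMG 10/3/2011 11:19:49 AM
Log type: Firewall service
Status: A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer.
Rule: None - see Result Code
Source: Local Host (192.0.2.10:443)
Destination: External (198.51.100.25:47778)
Protocol: Unidentified IP Traffic (TCP:47778)
"""

# "Local Host (192.0.2.10:443)" -> network name, IP, port
ENDPOINT_RE = re.compile(r"^(?P<network>.+?) \((?P<ip>[\d.]+):(?P<port>\d+)\)$")
# Ports TMG listens on for the published web/FTP sites described in the post
SERVICE_PORTS = {21, 80, 443}


def parse_entry(text):
    """Split one TMG firewall-log block into a dict keyed by its 'Field:' names."""
    lines = [line.strip() for line in text.strip().splitlines()]
    entry = {"header": lines[0]}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        entry[key.strip().lower()] = value.strip()
    for side in ("source", "destination"):
        match = ENDPOINT_RE.match(entry[side])
        entry[side] = {"network": match["network"], "ip": match["ip"],
                       "port": int(match["port"])}
    return entry


def classify(entry):
    """Label a denied entry so the non-SYN drop in the post can be spotted in bulk."""
    if "non-SYN packet was dropped" not in entry.get("status", ""):
        return "other-deny"
    src, dst = entry["source"], entry["destination"]
    # Source is TMG's own listener port and destination is a client ephemeral
    # port: the dropped packet is TMG's reply to a connection it never tracked,
    # so the client's SYN did not establish state on TMG.
    if src["network"] == "Local Host" and src["port"] in SERVICE_PORTS and dst["port"] >= 1024:
        return "untracked-reply"
    return "untracked-inbound"


if __name__ == "__main__":
    parsed = parse_entry(SAMPLE_ENTRY)
    print(parsed["source"], "->", parsed["destination"], classify(parsed))
```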