Fiz as alterações e agora consegui alguma coisa na saída do tcpdump,
testei fazendo um telnet no ip externo na porta 8088:
tcpdump | grep 172.16.1.156
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
15:12:31.063332 IP 172.16.1.156.2129 > tecnico.jotec.com.br.omniorb: S
2582386495:2582386495(0) win 5840 <mss 1460,sackOK,timestamp 545352926
0,nop,wscale 3>
15:12:33.120348 arp who-has 172.16.1.156 tell 172.16.1.94
15:12:37.064438 IP 172.16.1.156.2129 > tecnico.jotec.com.br.omniorb: S
2582386495:2582386495(0) win 5840 <mss 1460,sackOK,timestamp 545354426
0,nop,wscale 3>
15:12:42.065307 arp who-has 172.16.1.254 tell 172.16.1.156
15:12:45.223288 arp who-has 172.16.1.156 tell 172.16.1.103
15:12:45.702267 IP 172.16.1.156.ipp > 172.16.1.255.ipp: UDP, length 115
15:13:13.349152 IP 172.16.1.156.3966 >
189-039-011-037.static.spo.ctbc.com.br.omniorb: S
2617773432:2617773432(0) win 5840 <mss 1460,sackOK,timestamp 545363495
0,nop,wscale 3>
15:13:16.347584 IP 172.16.1.156.3966 >
189-039-011-037.static.spo.ctbc.com.br.omniorb: S
2617773432:2617773432(0) win 5840 <mss 1460,sackOK,timestamp 545364245
0,nop,wscale 3>
15:13:17.420482 IP 172.16.1.156.ipp > 172.16.1.255.ipp: UDP, length 115
15:13:22.348654 IP 172.16.1.156.3966 >
189-039-011-037.static.spo.ctbc.com.br.omniorb: S
2617773432:2617773432(0) win 5840 <mss 1460,sackOK,timestamp 545365745
0,nop,wscale 3>
15:13:34.350858 IP 172.16.1.156.3966 >
189-039-011-037.static.spo.ctbc.com.br.omniorb: S
2617773432:2617773432(0) win 5840 <mss 1460,sackOK,timestamp 545368745
0,nop,wscale 3>
^C16349 packets captured
20004 packets received by filter
3651 packets dropped by kernel
Mas ainda nada de funcionar.