I tried that rule you suggested. No luck. It's primary a Windows network and the main test consists of simply attempting to connect to the site's static IP using Windows Remote Desktop connection. It's not very detailed error and simply says it cannot connect.
Using nmap, I can confirm that the port is open and it correctly confirms its protocol version.
Using tcpdump, I can see my attempts at connecting on eth1. It sends out the SYN packet to the port but doesn't get anything back. That makes me think, does iptables filter before or after tcpdump. If the latter, then its not an iptables issue at all.
I can confirm that that IP is pingable from 10.42.224.4 along with all IP addresses that I attempt. It's GW and mask is; 10.42.224.254 & 255.255.255.0.
Unfortunately, as the site is primary Windows based I don't have a PC with tcpdump on it however I do see there are several alternative tools do this this. I'll give one a try and get back with my results.