It's interesting that nobody yet has figured out what your problem
is. The real problem is that you're trying to plug from outside to
inside - that's OK - however, all you need is to set up the plug-gw
*and change the outside host to connect to the firewall*. That's what's
missing - since your outside host is still trying to connect to the
inside host, it's being denied by the forwarding rules.
You can solve your problem easily by using the packet filter editor
to add an "absorb" rule that absorbs connections from the outside toward
the inside - this will permit the proxy to see the real destination and
avoid the forward deny. Gauntlet permits transparent connections by default
only from the inside toward the outside; enabling transparency inbound
does not compromise the security of the firewall.