Nighthawk X6 R7900 port forwarding only works partially

I'm using the Nighthawk X6 R7900 having firmware version V1.0.1.12_10.0.17.

I am setting up a small web server on one of the computers that is wired into the nighthawk. The web service is using port 9000, and that is also the port that I am making visible to the outside world. When I try to access the service from canyouseeme.org, the web site reports that the connection timed out. However, the nighthawk log reports the incoming connection attempt. My server does not get the request. When I access the web server on port 9000 from another computer that is connected to the nighthawk, it IS able to access the web server, and the web server reports the connection. So, somehow the nighthawk is not forwarding the remote originated packet to the target server, though the log reports that it has done so. Actually, as seen below, the target server does see the attempt, but something about the forwarded TCP packet causes the http server to ignore it.

Thoughts on how the external connection attempt might show up in the log, but the packets not get forwareded to the proper machine?

Here's the entry from the nighthawk log showing the connection attempt from canyouseeme,org to the back-end server (192.168.209.90:9000):

[LAN access from remote] from 52.202.215.126:58165 to 192.168.209.90:9000, Monday, Apr 17,2017 17:55:56

My server is running on a linux host. I filtered the ethernet traffic using tcpdump. Here is the traffic associated with the failed access from the canyouseeme.org:

10:07:07.682934 IP (tos 0x0, ttl 44, id 55504, offset 0, flags [DF], proto TCP (6), length 60)
ec2-50-17-218-234.compute-1.amazonaws.com.60115 > proton.cslistener: Flags [S], cksum 0xa316 (correct), seq 4031740471, win 5840, options [mss 1460,sackOK,TS val 3402935235 ecr 0,nop,wscale 6], length 0
0x0000: 4500 003c d8d0 4000 2c06 d6ec 3211 daea E..<..@.,...2...
0x0010: c0a8 d15a ead3 2328 f04f 7a37 0000 0000 ...Z..#(.Oz7....
0x0020: a002 16d0 a316 0000 0204 05b4 0402 080a ................
0x0030: cad4 abc3 0000 0000 0103 0306

Here is the successful access taken from another host on the same network:

10:28:30.929588 IP (tos 0x0, ttl 128, id 15612, offset 0, flags [DF], proto TCP (6), length 52)
192.168.209.105.54466 > proton.cslistener: Flags [S], cksum 0xbfa8 (correct), seq 2993996024, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
0x0000: 4500 0034 3cfc 4000 8006 99b2 c0a8 d169 E..4<.@........i
0x0010: c0a8 d15a d4c2 2328 b274 c0f8 0000 0000 ...Z..#(.t......
0x0020: 8002 2000 bfa8 0000 0204 05b4 0103 0302 ................
0x0030: 0101 0402 ....
10:28:30.929672 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
proton.cslistener > 192.168.209.105.54466: Flags [S.], cksum 0x8a28 (correct), seq 3643163452, ack 2993996025, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0
0x0000: 4500 0034 0000 4000 4006 16af c0a8 d15a E..4..@.@......Z
0x0010: c0a8 d169 2328 d4c2 d926 433c b274 c0f9 ...i#(...&C<.t..
0x0020: 8012 3908 8a28 0000 0204 05b4 0101 0402 ..9..(..........
0x0030: 0103 0306