The symptom was that I was trying to connect to a machine with an IP address in our public address block. The router would not pass the traffic up to the gateway, or out to the switch that was the public internet. My traffic was stuck inside the router. I dug around for a long time, but found no configuration that would have caused this.
The main symptom was that whenever I tried to connect to this public address, I’d get the zywall’s login screen.
Testing the ip address via a cell phone with another internet connection took me to the machine I wanted to connect to. So it was a router problem.
Having the interface take over the ip address, then disabling that, didn’t work. It DID work for other ip addresses on the router, but not this specific one.
The fix turned out to be rebooting the router.
So there was some kind of glitch where the router thought that it had the IP address… but it didn’t show it at all, which was kind of scary.