Ah…sorry about that. I didn’t mean to do the whole techno-babble thingy.
Um…ok. Let’s see if I can explain this well in English. Basically, when you have a workstation or server inside your firewall (i.e. on your side of the firewall), most firewalls simply let the traffic out unless specifically told not to. My guess is that your firewall is pretty much out of the box, so it will allow traffic coming from your network and out to the internet without any problem. So, if you go to YouTube you can click on a link and watch a video…or go to the StraightDope and view a thread. Whatever you like. If you set up a workstation to go out and collect SMTP mail from an external email system it will go out and get it…the firewall won’t care, since the traffic is initiated from inside your network.
The trouble comes when traffic that is initiated from outside your network is trying to get inside. Like, say, if you have an external email host that is trying to forward SMTP to your internal server using your public IP address, or if you have a Mail Exchange (MX) record that points to either one of your public IP addresses (if you have a block of public addresses) or to the public IP of your firewall. If this happens then the firewall, by default, will not let the packets inside your network. That’s what it’s designed to do after all. So, you have to tell the firewall to forward the packets coming into your firewall to a server or workstation inside your network. One of the ways to do this is a port forward…basically, you tell your firewall to take any IP traffic that comes in on a certain port (like, say port 25 or 2525 as you were saying) specifically to one of your public IP addresses (or the external address of your firewall) and send it inside your network to your server.
As an example, let’s say your internal network is 192.168.0.0/24 (don’t worry about what all that means). And let’s say that your server’s IP address is 192.168.0.100. And let’s say that the public IP address of your firewall is 12.12.12.12. So, what you do is you set up your firewall to forward traffic that’s coming into 12.12.12.12 on ports 25 and 2525 to 192.168.0.100. That’s it. The syntax of doing this will depend on your firewall, but these days most of them have a browser interface, and usually their address is the .1 of the private network that they are dishing out addresses for. You can find out by checking out your workstation and looking for the gateway address (it might be called the default gateway or gateway of last resort) and then just putting that address into your internet browser. A lot of times port forwarding is under either routing or in advanced settings…you’ll probably have to play around with it some, or download a tech paper on it, or call their tech support and have them walk you through it.
Just a couple things about all of this. One is that this will obviously open a security hole into your network. It’s not a very big hole, but it is a hole and can be exploited. Another thing is that all this assumes you have your DNS records set up correctly to get the mail to you…or that you’ve given your external email provider or forwarder your correct information for your public IP address.
It also assumes this is the problem. As I said, it might be an authentication issue. If that’s the case, then your best bet is to call tech support from your provider and ask them to walk you through setting all this up.
Hopefully the above isn’t too confusing. Good luck. 
-XT
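
Added example, not part of XT's post: a toy Python model of the behaviour described above, using the post's example addresses (12.12.12.12, 192.168.0.100, ports 25 and 2525). The class and method names are hypothetical and match no real firewall's interface, and the external mail host address is constructed.

```python
# Added illustration: a toy model of a stateful NAT firewall.
# Addresses and ports are the post's example values; class and
# method names are hypothetical and match no vendor's interface.
import ipaddress

class ToyFirewall:
    def __init__(self, public_ip, lan_cidr):
        self.public_ip = public_ip
        self.lan = ipaddress.ip_network(lan_cidr)
        self.forwards = {}   # public port -> (lan ip, lan port)
        self.sessions = {}   # (remote ip, remote port, public port) -> (lan ip, lan port)
        self.next_port = 40000

    def add_forward(self, public_port, internal_ip, internal_port=None):
        if ipaddress.ip_address(internal_ip) not in self.lan:
            raise ValueError("forward target must be inside the LAN")
        self.forwards[public_port] = (internal_ip, internal_port or public_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Traffic initiated inside: allowed by default, session remembered."""
        if ipaddress.ip_address(src_ip) not in self.lan:
            raise ValueError("outbound traffic must originate on the LAN")
        public_port = self.next_port
        self.next_port += 1
        self.sessions[(dst_ip, dst_port, public_port)] = (src_ip, src_port)
        return public_port

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return (lan ip, lan port) for a delivered packet, None if dropped."""
        if dst_ip != self.public_ip:
            return None
        reply = self.sessions.get((src_ip, src_port, dst_port))
        if reply:
            return reply                      # answer to something we started
        return self.forwards.get(dst_port)    # unsolicited: needs a port forward

def demo():
    fw = ToyFirewall("12.12.12.12", "192.168.0.0/24")
    mail_host = "203.0.113.5"  # constructed external mail host (documentation range)
    before = fw.inbound(mail_host, 51000, "12.12.12.12", 25)   # no rule yet
    fw.add_forward(25, "192.168.0.100")
    fw.add_forward(2525, "192.168.0.100")
    after = fw.inbound(mail_host, 51000, "12.12.12.12", 25)    # now forwarded
    other = fw.inbound(mail_host, 51001, "12.12.12.12", 3389)  # never forwarded
    port = fw.outbound("192.168.0.50", 33000, mail_host, 443)  # started inside
    reply = fw.inbound(mail_host, 443, "12.12.12.12", port)    # its reply
    return before, after, other, reply

if __name__ == "__main__":
    print(demo())
```

The `forwards` table is the whole of what the forward exposes to the outside: only the listed ports reach the server, and every other unsolicited inbound packet is still dropped.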