Typically you would want the source NAT set to "<localhost> (Host)", which automatically NATs to the outgoing interface. Can you tell what the traffic is actually being NATted to when using "Firewall (IP)"? If it is indeed NATting to 127.0.0.1 then I would expect that to fail.
Matt, they're very generic rules and I'm struggling to know if anything's hitting them. Is there a way from the audit view to show the rule ID that a particular flow hit?
Every time a rule is hit it will be audited (by default). There are a few easy ways to check to see if they are being hit:
1) On the Dashboard there are tabs for most frequently used Applications, Threats, Policy, etc. Go to the Policy tab and that may show you if the rules are being hit.
2) If you right click on the rule itself you should be able to View Audit associated with that rule.
Hope this helps,