|
Firewalls are a chapter of their own. They may work from the network layer and upwards, depending on their mission and complexity (cost). The simplest firewalls work only at the network layer and probably inspect the message only from the IP perspective: which IP address is sending the message, which is receiving it, and which port it is using.
Each message includes information about what type of application is using it. This is just a short number called the "port number". You can find those port numbers listed by IANA, the international organization governing IP numbers globally. Also see technology and IP.
By means of addresses and port numbers, the firewall decides whether the traffic is permitted or not. It also has to take care of responses on already initiated sessions. Most firewalls are preconfigured to allow everything from the inside and nothing but replies from the outside. In short, the traffic has a one-way policy. This can be changed by configuration, and larger enterprises seldom allow everything from the inside.
More complex and costly firewalls inspect the entire message and search for viruses, spam, or attempts at unauthorized access.
Firewalls are relatively complex to troubleshoot, but a hint is to look in the log file. It always tells what has been permitted or denied. Also check that the traffic type you are trying to forward is configured to be accepted by the firewall.
The most common port numbers are 80 for the web (HTTP), 443 for secure web (HTTPS), 25 for mail, 53 for DNS and 20-21 for file transfers (FTP).
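
The one-way policy and the permit/deny log described above can be modelled in a few lines. This is an added example, not code from the original page; the class name, the inside address range and the sample packets are constructed assumptions.

```python
import ipaddress

INSIDE = ipaddress.ip_network("192.168.1.0/24")  # assumed inside (LAN) range
WELL_KNOWN = {80: "http", 443: "https", 25: "mail", 53: "dns", 20: "ftp", 21: "ftp"}


class StatefulFirewall:
    """Default policy: allow everything from the inside, only replies from the outside."""

    def __init__(self, blocked_outbound_ports=()):
        self.blocked_outbound_ports = set(blocked_outbound_ports)
        self.sessions = set()   # (inside_ip, inside_port, outside_ip, outside_port)
        self.log = []           # one line per decision, like a firewall log file

    def handle(self, src, sport, dst, dport):
        if ipaddress.ip_address(src) in INSIDE:
            if dport in self.blocked_outbound_ports:
                verdict, reason = "DENY", "outbound port blocked by configuration"
            else:
                self.sessions.add((src, sport, dst, dport))
                verdict, reason = "PERMIT", "initiated from inside"
            service = WELL_KNOWN.get(dport, "other")
        else:
            # Outside traffic passes only if it mirrors a session opened from inside.
            if (dst, dport, src, sport) in self.sessions:
                verdict, reason = "PERMIT", "reply to existing session"
            else:
                verdict, reason = "DENY", "unsolicited from outside"
            service = WELL_KNOWN.get(sport, WELL_KNOWN.get(dport, "other"))
        self.log.append(f"{verdict} {src}:{sport} -> {dst}:{dport} ({service}) {reason}")
        return verdict == "PERMIT"


def demo():
    fw = StatefulFirewall(blocked_outbound_ports={25})  # enterprise-style restriction
    packets = [  # constructed sample traffic
        ("192.168.1.10", 50000, "203.0.113.5", 443),   # inside client opens HTTPS
        ("203.0.113.5", 443, "192.168.1.10", 50000),   # server reply to that session
        ("198.51.100.7", 40000, "192.168.1.10", 80),   # unsolicited inbound request
        ("192.168.1.10", 50001, "203.0.113.9", 25),    # outbound mail, blocked by config
    ]
    return [fw.handle(*p) for p in packets], fw.log


if __name__ == "__main__":
    results, log = demo()
    print("\n".join(log))
```

When troubleshooting, the reason field at the end of each log line shows whether a denial came from the default one-way policy or from an explicit configuration rule.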
|