Strange ARD port 3283 block

My ARD worked fine to two XServes ("tulip" and "video") on the same subnet.
I accidentally turned off ARD on tulip (Server 10.6.2) FROM the client ARD. DUH!
Anyhow, I restarted it following the guidelines here
http://discussions.apple.com/thread.jspa?threadID=2342445&tstart=15
and here http://support.apple.com/kb/HT2370
However, I can't log in any more with ARD on tulip. A port scan shows that port 3283 is blocked.
The firewall service is off. Changing ethernet switch ports with "video" does no good, "video" still works with ARD but tulip does not, so it's not a switch issue. sudo ipfw list shows this
00001 allow udp from any 626 to any dst-port 626
01000 allow ip from any to any via lo0
01010 deny ip from any to 127.0.0.0/8
01020 deny ip from 224.0.0.0/4 to any in
01030 deny tcp from any to 224.0.0.0/4 in
12300 allow tcp from any to any established
12301 allow tcp from any to any out
12302 allow tcp from any to any dst-port 22
12302 allow udp from any to any dst-port 22
12303 allow udp from any to any out keep-state
12304 allow tcp from any to any dst-port 53 out keep-state
12304 allow udp from any to any dst-port 53 out keep-state
12305 allow udp from any to any in frag
12306 allow tcp from any to any dst-port 311
12307 allow tcp from any to any dst-port 625
12308 allow icmp from any to any icmptypes 8
12309 allow icmp from any to any icmptypes 0
12310 allow igmp from any to any
12311 allow tcp from any to any dst-port 23
12311 allow udp from any to any dst-port 23
12312 allow tcp from any to any dst-port 80
12313 allow tcp from any to any dst-port 3283,5900
12313 allow udp from any to any dst-port 3283,5900
65534 deny ip from any to any
65535 allow ip from any to any

ARD needs open TCP and UDP port 3283 and TCP and UDP port 5900. And for encrypted file transfer TCP port 22. 5900 and 22 are open.

Is there any rule that would be blocking port 3283 on tulip?
The ARD Discussion sent me here! Thanking anyone for info.