I am trying to set up a reverse and forward proxy using TMG 2010. I have the following networks:
Internal Networks:
10.2.1.0/24
10.3.1.0/24
DMZ (Perimeter) Network:
10.7.1.0/24, NAT relationship with the external network (public IPs)
I've set up one TMG node and selected "Back Firewall" as the topology.
NIC 1 Config: (Internal)
------------
IP: 10.2.1.20
Subnet: 255.255.255.0
Gateway: Not defined
DNS: 10.2.1.5
NIC 2 Config: (Perimeter)
-------------
IP: 10.7.1.20
Subnet: 255.255.255.0
Gateway: 10.7.1.5
DNS: Not Defined
During setup, when the wizard asked me to define the internal IP ranges, I defined 10.2.1.1 - 10.2.1.255 instead of selecting the adapter.
Setup completed successfully.
I created an Allow rule from Internal to Local Host.
From the client end:
From client machines I cannot access the TMG internal interface IP (because no gateway is defined on the TMG internal interface, I guess),
while I can access the DMZ interface IP, i.e. 10.7.1.20, and can telnet to port 8080.
When I define the DMZ interface IP, i.e. 10.7.1.20:8080, as the proxy address in the client-side browser, it throws the error "10061 No connection could be made because the target machine actively refused it".
Failed Connection Attempt
Log Type: Web Proxy (Forward)
Status:10061 No connection could be made because the target machine actively refused it.
Rule: Allow
Source: Internal (10.2.1.39)
Destination:LocalHost (10.7.1.20:8080)
Request:Get http://www.google.com
Protocol:http
On the TMG server:
When I define the DMZ interface IP, i.e. 10.7.1.20:8080, as the proxy address in the browser, it still throws the error "10061 No connection could be made because the target machine actively refused it".
But when I define the internal interface IP as the proxy in the browser, i.e. 10.2.1.20:8080, it works.
Allowed Connection
Log Type: Web Proxy (Forward)
Status:303 Not Modified
Rule: [System] Allow all HTTP traffic from forefront TMG to all networks (for CRL downloads)
Source: LocalHost (10.7.1.20:10082)
Destination: External (94.245.34.74:80)
Request:Get http://someurl
Protocol:http
What am I missing? Please advise, and what could be a workaround to get this to work from the internal network.
Regards,