You should see traffic coming from 4 hosts in total: ACME v1/v2: Validating challenges from multiple network vantage points
At the moment when I do a --dry-run, I additionally see traffic from 18.224.20.83 and 66.133.109.36, which are missing from your trace.
The latter of those is the primary staging VA and is likely the one that is reporting the firewall timeout.
Check that they're not blocked in iptables.