Old 05-06-2011, 09:19 PM   #1
vlsd
LQ Newbie
 
Registered: Aug 2009
Location: Chicago
Distribution: Debian Testing, Arch, Ubuntu 12.04
Posts: 12

Rep: Reputation: 1
ssh connection timeout when trying to go through router


I am trying to set up an ssh server on my Debian squeeze box so that I can access it remotely when I'm not at home. I connect to the internet through an at&t 2wire modem/router. First off, I *can* ssh into the machine from inside the local network, e.g.
Code:
ssh 192.168.1.64
Also, I have configured the router to forward port 22 to my box. I checked that this works using a simple online port scanner (http://www.t1shopper.com/tools/port-scan/). Given all this, trying to ssh to the outside internet address gives
Code:
$ ssh 99.*.*.*
ssh: connect to host 99.*.*.* port 22: Operation timed out
I have been reading about this for hours now and I can't seem to find a solution. I am beginning to suspect it is a problem with my router/ISP. One last thing that I tried, that I cannot interpret, is to run nmap on my external address:
Code:
$ nmap -PN -p 22 99.*.*.*
Starting Nmap 5.00 ( http://nmap.org ) at 2011-05-06 21:13 CDT

Interesting ports on 99.*.*.*.lightspeed.cicril.sbcglobal.net (99.*.*.*):
PORT   STATE    SERVICE
22/tcp filtered ssh

Nmap done: 1 IP address (1 host up) scanned in 2.12 seconds
Playing around with Nmap, I also found that it only sees port 50001 as open.

Any ideas?
 
Old 05-06-2011, 10:08 PM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
Looking at "getent services 5001", the service mentioned is complex-link.
That doesn't necessarily mean anything. It seems to be used by various instant messaging clients.

Quote:
Given all this, trying to ssh to the outside internet address gives
I take it you tried to ssh to your public IP from inside your lan.
This won't work from your current location. Go to a restaurant with free wifi and try to get in from a netbook or other wireless device to test it.

Also check if your modem blocks some outgoing ports as well. Some modems do.
 
Old 05-06-2011, 10:19 PM   #3
vlsd
LQ Newbie
 
Registered: Aug 2009
Location: Chicago
Distribution: Debian Testing, Arch, Ubuntu 12.04
Posts: 12

Original Poster
Rep: Reputation: 1
Quote:
I take it you tried to ssh to your public IP from inside your lan.
This won't work from your current location. Go to a restaurant with free wifi and try to get in from a netbook or other wireless device to test it.
I thought of this, so I got onto a neighbor's network and tried from there. Same behavior, so no dice.

The modem has a DMZ feature where it lets ALL traffic through to one of the network computers. I tried that with my box and it seems to work, but it hardly seems like an ideal solution.

Quote:
Also check if your modem blocks some outgoing ports as well.
There are no settings for this, I have no idea how I could check. This *does* sound like what might be going on.
 
Old 05-06-2011, 10:37 PM   #4
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
The modem setup will indicate if it does block outgoing connections. Another user quoted what his modem said, and it indicated that it was blocking outgoing connections as well as incoming.

Make sure that you haven't stopped the ssh service since you tested it on the LAN. I was going to suggest checking your computer's firewall, but if you can ssh from another computer on your LAN, the port is open. If you tested it from the same computer, it used localhost, and you could still have your firewall blocking the port.

You don't want to utilize the DMZ port. That will effectively be eliminating the NAT's firewall protection, and the other ports aren't as isolated from the LAN as they should be.

You might try using traceroute with the `-p 22' option from a remote location.

Some ISPs do their own NATing to share IP addresses, and so their customers can't utilize any incoming ports. This is more common with DSL providers and sometimes the customer even has an IP address in the 192.168 range.

---
When trying an ssh connection, use the -vv option. If you see any debug2 messages, they are from the target server, and it isn't a connection problem.
Try using the telnet client to test the connection. If you see something like:

Trying 192.168.1.106...
Connected to elite.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.8

Then it isn't a connection problem.

Good Luck!
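
Added example, not part of the original thread: a small Python probe that performs the telnet-style banner check described in post #4 and separates the outcomes seen in this thread (a timeout, which nmap reports as "filtered", a refused connection, and an open port that answers with an SSH banner). The function name `probe_ssh`, its state labels and the default host are assumptions made for illustration.

```python
import socket
import sys


def probe_ssh(host, port=22, timeout=5.0):
    """Classify one TCP port as seen from where this script runs.

    Returns (state, detail), where state is one of:
      open-ssh     handshake completed and the peer sent an SSH banner
      open-other   handshake completed, but no SSH banner arrived
      closed       peer answered with a reset (connection refused)
      filtered     no answer before the timeout (packets dropped en route)
      unreachable  any other OS-level failure (no route, DNS error, ...)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except (socket.timeout, TimeoutError):
        # Same symptom as "Operation timed out" / nmap "filtered".
        return ("filtered", "no reply within %.1fs" % timeout)
    except ConnectionRefusedError:
        # The host is reachable, but nothing listens on this port.
        return ("closed", "connection refused")
    except OSError as exc:
        return ("unreachable", str(exc))

    with sock:
        try:
            # sshd sends its identification string first, so just read.
            banner = sock.recv(255).decode("ascii", "replace").strip()
        except (socket.timeout, TimeoutError):
            return ("open-other", "connected, but no banner was sent")
        except OSError as exc:
            return ("open-other", "connected, then: %s" % exc)

    if banner.startswith("SSH-"):
        return ("open-ssh", banner)
    return ("open-other", banner or "connected, peer closed without data")


if __name__ == "__main__":
    # Defaults are assumptions for a quick local check; pass HOST [PORT]
    # to test the forwarded address from a network outside the LAN.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    state, detail = probe_ssh(host, port)
    print("%s:%d %s (%s)" % (host, port, state, detail))
```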
 
Old 05-06-2011, 10:44 PM   #5
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
I almost forgot. Check the /etc/ssh/sshd_config file (or /etc/xinet.d/sshd file if you use xinetd) and see if you use a different port for sshd.
 
Old 05-07-2011, 12:48 PM   #6
vlsd
LQ Newbie
 
Registered: Aug 2009
Location: Chicago
Distribution: Debian Testing, Arch, Ubuntu 12.04
Posts: 12

Original Poster
Rep: Reputation: 1
I finally gave up on using that crappy modem/router and did this: I attached an old router that I had to the Ethernet port of the modem, assigned it the DMZ port on the modem, and then connected my Linux box to this router, on which port forwarding seems to work well. Thanks for your replies!
 
  

