I've got a basic networking problem that doesn't seem to work using a basic networking config.

I'm trying to ssh from work into my home PC.

Here's the basic layout.
HomePC >> Firewall/Nat/Router>>DSLModem >> Internet
I've given the PC a static IP outside the DHCP pool. The PC connects to the internet just fine.
The firewall/nat/router has a "DMZ" option enabled with the static IP listed below it.

Here's what the PPPOE settings are reporting back:
IP Address: 69.3.114.127
Subnet Mask: 255.0.0.0
Default Gateway: 172.31.255.251

Those values are exact. I installed a web server just to test that the address can be seen.

At this point, I'm thinking the "DMZ" option may be forwarding ports, but not smart enough to do it right in my situation. So, I can turn off DMZ and set up a "virtual server" where I can forward public IP/port to private. Using the public IP and local IP, this doesn't work either.

Do you have direct internet connection from your work PC? Probably you should make sure that you can see the WAN ip assigned to you by your ISP first from work. I have my server behind the firewall and the "virtual server" forwards ssh requests to the local server. It's working fine.

An update:
I turned off the dmz setting and used the "virtual server" setting my firewall/router box has to forward ports 22/tcp and 80/tcp&udp to the internal address (Port 80 is temporary)

My ISP (earthlink) says they only block smtp-in connections (24?) otherwise, I should have no problems.

I also explicitly allowed port 22/tcp in and out and port 80 in and out on the firewall.

I'm double-checking if Debian Etch comes with a firewall script today too. In Sarge there was no firewall script in a default install. FYI Etch and the GUI installer work well. Very high quality for a testing branch. Equivalent to a Fedora release.

I can now ping from work and get replies. I'm assuming I'm pinging my IP address. How do I otherwise "see" my ip address from work?

I'm ready to dump the firewall/router at this point because I think the problem is there. It's a dlink with analog telephone adapter built-in. You get what you pay for right?

Thanks for the help.

Are you getting a connection refused or are you just timing out? Have you tried sshing to your deb box internally from another box on the lan?

Debain in the past ships with an empty hosts.allow file. This in affect stops anyone from connecting to that system that uses tcp wrappers, if I remember correctly. Try renameing /etc/hosts.allow file to hosts.allow.bak as well as the /etc/hosts.deny file to hosts.deny.bak.

Let me know if this works.

1. Yes, I can ssh from my laptop to the other PC inside my home LAN.
2. From work: Putty reports a time out. ssh reports time out.
3. I'll check the hosts.allow file tonight.

Thanks again.

I scanned the IP address for port 22 and it replied as "filtered."

It correctly detected the firewall's OS, so I'm sure it's still my IP.

How do I open that port?

I replaced the router/firewall with a netgear fvs114. Works like a charm.

Maybe it's just mine but, Dlink dvg-1402S doesn't forward ports and DMZ IP address settings don't work.

Thanks for all the suggestions.