LinuxQuestions.org
Old 08-06-2002, 06:31 PM   #1
Cps530
LQ Newbie
 
Registered: Jul 2002
Posts: 8

Rep: Reputation: 0
External access to Ipcop


I posted the following some days ago:

I have IPCop with green and red cards. In my green network I have an SSH server using port 22 (IP: 192.168.0.1). My red card is connected to the internet with a fixed IP. I want to access my SSH server from outside using port 22 (my ISP blocks other ports). I set external services to open port 22 and forward port 22 from red to my internal IP 192.168.0.1 port 22. I also enabled SSH in the IP configuration web page. All seems right, my access from the internal network to the internet is OK. But external access to my SSH server is completely impossible!!

Additional information: I'm trying to access from really outside. I can access the Ipcop web page from outside (https://x.x.x.x:445). I think I have to edit /etc/rc.d/rc.firewall.up, but don't know what to change. Any idea to fix the problem? Thanks in advance
 
Old 08-12-2002, 09:32 AM   #2
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
Start by adding some -j LOG entries to your rc.firewall, e.g.
iptables t nat -I PREROUTING -p tcp -i eth~ --dport 22 -j LOG --log-level 6 --log-prefix "incoming_ssh "
and
iptables -I INPUT -p tcp -i eth~ --dport 22 -j LOG --log-level 6 --log-prefix "input_ssh "

Use -I to place these rules first in each chain.

If the packets are getting to these points, change the entries to -A to place them at the end of the chains. If the packets are getting this far, you need to check the server on the destination pc.

try,
netstat -tanp
and see if ssh is waiting on port 22 and the correct interface.
You should at least get responses to SYN packets if ssh server is alive.

If packets are not getting to your ssh server pc, check to see if IPCOP has banned you for too many packets... wouldn't be the first to have this problem.

Regards,
peter
 
Old 08-12-2002, 09:37 AM   #3
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
and,
to correct some assumptions,

rc.firewall.up in the ssh server pc, if it runs Linux 2.4.xx
IPCOP uses ipchains and you may have some fun writing rules into it and having them remain.

2nd iptables -t nat -I PRE~
3rd look for your log outputs in /var/log/messages
try,
tail -f /var/log/messages,
again, on the ssh server.

Rgds,
Peter.
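
The log check described in the two replies above can be scripted. The following is an added example, not code from the thread: it counts lines carrying the "incoming_ssh" and "input_ssh" prefixes and reports how far the port 22 packets got. The function names, the verdict strings and the sample log lines (constructed and abridged) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: summarise hits from the two LOG rules suggested in the thread.

# Constructed, abridged syslog lines in the iptables LOG format (not real traffic).
sample_log() {
cat <<'EOF'
Aug 12 09:40:01 sshbox kernel: incoming_ssh IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.0.1 LEN=60 TTL=52 PROTO=TCP SPT=40122 DPT=22 WINDOW=5840 SYN URGP=0
Aug 12 09:40:01 sshbox kernel: input_ssh IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.0.1 LEN=60 TTL=52 PROTO=TCP SPT=40122 DPT=22 WINDOW=5840 SYN URGP=0
Aug 12 09:40:04 sshbox kernel: incoming_ssh IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.0.1 LEN=60 TTL=52 PROTO=TCP SPT=40122 DPT=22 WINDOW=5840 SYN URGP=0
Aug 12 09:40:04 sshbox kernel: input_ssh IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.0.1 LEN=60 TTL=52 PROTO=TCP SPT=40122 DPT=22 WINDOW=5840 SYN URGP=0
Aug 12 09:41:10 sshbox sshd[812]: Server listening on 0.0.0.0 port 22.
EOF
}

# count_hits PREFIX FILE -> number of logged packets with that prefix and DPT=22
count_hits() {
    awk -v p="$1" 'index($0, p " IN=") && / DPT=22 / { n++ } END { print n + 0 }' "$2"
}

# sources PREFIX FILE -> unique SRC addresses logged under that prefix
sources() {
    awk -v p="$1" 'index($0, p " IN=") {
        for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) print substr($i, 5)
    }' "$2" | sort -u
}

# diagnose FILE -> verdict following the reasoning in the replies above
diagnose() {
    pre=$(count_hits incoming_ssh "$1")
    inp=$(count_hits input_ssh "$1")
    if [ "$pre" -eq 0 ] && [ "$inp" -eq 0 ]; then
        echo "not-arriving"       # nothing logged: look upstream (IPCop forward or ban)
    elif [ "$inp" -eq 0 ]; then
        echo "lost-before-input"  # seen in nat PREROUTING but never in INPUT
    else
        echo "reached-input"      # packets reach INPUT: check sshd with netstat -tanp
    fi
}

# Stand-alone use: sh thisfile.sh /var/log/messages
if [ -n "${1:-}" ]; then diagnose "$1"; fi
```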
 
  

