modem and router port forwarding

Posted on 2012-04-05
Last Modified: 2012-04-17
I am having some router networking is my configuration:

I have a DSL modem at I configured port forwarding for ports 22 and 1521 to route to

I have a router at  I have port forwarding configured to forwarding ports 22 and 1521 to

I have a linux server at

When I use PuTTY to SSH on port 22 to the linux server I get a prompt to login to the linux server but it does not allow me to login.  I get an error message that access is denied.

So it looks like traffic is getting to the linux server but the linux server is not allowing me to login.

Note that I am able to login if I am on the local network and use SSH to connect to  I only have a problem if I try to connect to the linux server using the public IP address.

Do you know what I can change to allow access to the linux server?

Note that I am confused about how traffic gets from to  The default gateway is  I am not able to set the port forwarding in the DSL modem to  If I try I get the error message "NAPT server IP address is not a valid host LAN address."

Can you point me to a log file on the linux server that explains why it's rejecting the login from the public IP address?

Can you tell me how to either configure the linux server or the network to allow logins from the public IP address?  Note that this was working at one point.  I believe a tech support person from the router company had me change my network IP address and after that I was not able to connect to the linux server through the public IP address.
Question by:david_m_jacobson
  • 2
LVL 25

Accepted Solution

Fred Marshall earned 500 total points
ID: 37814447
Let's review those port forwards:

"I have a DSL modem at I configured port forwarding for ports 22 and 1521 to route to"

Presumably is the router WAN/Internet side, yes?  If so then understood.

"I have a router at  I have port forwarding configured to forwarding ports 22 and 1521 to"

Presumably this is the router with WAN address, yes?  If so, OK.

It sounds like it may work:
Packets arriving at the modem router, destined for port 22 will go to  But, to which port there?  That has to be part of the setup.
I'm going to suggest something different just to make the point:

When packets arrive for port 22 then we will forward then to that is, port 999.

When packets arrive for port 999 at then we will forward them to  that is port 22.  

I believe that's what you want.
So it could be:
port 111 from the outside world
port 222 between the routers
port 22 behind the last router.

That should be all there is to it.

Author Comment

ID: 37814501
I don't follow everything stated above. In the SpeedStream 4300 DSL Modem configuration in the Host Configuration I see the Default Gateway set to an empty field and I see a checkbox that is checked to indicate "Use WAN."

In the DHCP Configuration of the DSL modem I see DHCP enabled, "Start IP Range" set to and the "End IP Range" set to  Then I see the Default Gateway set o

Note that I have two physical devices: a SpeedStream 4300 DSL modem and an Encore router.  The DSL modem is plugged into the Encore router.  The linux box is plugged into the Encore router.

I don't understand how to configure

Separately, I have a Windows PC connected to the Encore router.  When I enter "ipconfig /all" from a DOS prompt on the Windows PC I see the DNS server, Default Gateway, and DHCP Server all set to

When I log into the admin tool for the Encore router I see the WAN Settings section with the IP address set to and the Default Gateway set to In the LAN Settings section of the Encore Router I see the IP address set to and DHCP enabled.

Does any of this information help? I'm not sure I followed your suggestion.  I think you are suggesting setting the DSL Modem to forward incoming requests on port 22 to port 999 on the Encore router.  Then I should configure the Encore router to forward incoming requests on port 999 to port 22 on my linux server at  Is that correct?
LVL 25

Expert Comment

by:Fred Marshall
ID: 37857905
Sorry I didn't respond sooner.  Thanks for the points!

Yes that's the idea and it sounds like it worked!  Good.

I wasn't trying to suggest any particular port numbers .. those were just examples.  You'd want to avoid "well known" port numbers.

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Transparency shows that a company is the kind of business that it wants people to think it is.
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now