modem and router port forwarding

Posted on 2012-04-05
Last Modified: 2012-04-17
I am having some router networking is my configuration:

I have a DSL modem at I configured port forwarding for ports 22 and 1521 to route to

I have a router at  I have port forwarding configured to forwarding ports 22 and 1521 to

I have a linux server at

When I use PuTTY to SSH on port 22 to the linux server I get a prompt to login to the linux server but it does not allow me to login.  I get an error message that access is denied.

So it looks like traffic is getting to the linux server but the linux server is not allowing me to login.

Note that I am able to login if I am on the local network and use SSH to connect to  I only have a problem if I try to connect to the linux server using the public IP address.

Do you know what I can change to allow access to the linux server?

Note that I am confused about how traffic gets from to  The default gateway is  I am not able to set the port forwarding in the DSL modem to  If I try I get the error message "NAPT server IP address is not a valid host LAN address."

Can you point me to a log file on the linux server that explains why it's rejecting the login from the public IP address?

Can you tell me how to either configure the linux server or the network to allow logins from the public IP address?  Note that this was working at one point.  I believe a tech support person from the router company had me change my network IP address and after that I was not able to connect to the linux server through the public IP address.
Question by:david_m_jacobson
  • 2
LVL 25

Accepted Solution

Fred Marshall earned 500 total points
ID: 37814447
Let's review those port forwards:

"I have a DSL modem at I configured port forwarding for ports 22 and 1521 to route to"

Presumably is the router WAN/Internet side, yes?  If so then understood.

"I have a router at  I have port forwarding configured to forwarding ports 22 and 1521 to"

Presumably this is the router with WAN address, yes?  If so, OK.

It sounds like it may work:
Packets arriving at the modem router, destined for port 22 will go to  But, to which port there?  That has to be part of the setup.
I'm going to suggest something different just to make the point:

When packets arrive for port 22 then we will forward then to that is, port 999.

When packets arrive for port 999 at then we will forward them to  that is port 22.  

I believe that's what you want.
So it could be:
port 111 from the outside world
port 222 between the routers
port 22 behind the last router.

That should be all there is to it.

Author Comment

ID: 37814501
I don't follow everything stated above. In the SpeedStream 4300 DSL Modem configuration in the Host Configuration I see the Default Gateway set to an empty field and I see a checkbox that is checked to indicate "Use WAN."

In the DHCP Configuration of the DSL modem I see DHCP enabled, "Start IP Range" set to and the "End IP Range" set to  Then I see the Default Gateway set o

Note that I have two physical devices: a SpeedStream 4300 DSL modem and an Encore router.  The DSL modem is plugged into the Encore router.  The linux box is plugged into the Encore router.

I don't understand how to configure

Separately, I have a Windows PC connected to the Encore router.  When I enter "ipconfig /all" from a DOS prompt on the Windows PC I see the DNS server, Default Gateway, and DHCP Server all set to

When I log into the admin tool for the Encore router I see the WAN Settings section with the IP address set to and the Default Gateway set to In the LAN Settings section of the Encore Router I see the IP address set to and DHCP enabled.

Does any of this information help? I'm not sure I followed your suggestion.  I think you are suggesting setting the DSL Modem to forward incoming requests on port 22 to port 999 on the Encore router.  Then I should configure the Encore router to forward incoming requests on port 999 to port 22 on my linux server at  Is that correct?
LVL 25

Expert Comment

by:Fred Marshall
ID: 37857905
Sorry I didn't respond sooner.  Thanks for the points!

Yes that's the idea and it sounds like it worked!  Good.

I wasn't trying to suggest any particular port numbers .. those were just examples.  You'd want to avoid "well known" port numbers.

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Usually shares are where we want them for our users and we tend to take them for granted. There are times, however, when those shares may disappear causing difficulty for your users. One of the first things to try is searching for files that shou…
Join Greg Farro and Ethan Banks from Packet Pushers ( and Greg Ross from Paessler ( for a discussion about smart network …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now