- 12-21-2005 #1 Just Joined! (Join Date: Nov 2005; Location: US; Posts: 17)
problems connecting from remote hosts
I have been trying to get my computer available for ssh logins/web access for the past month or so with no success. There is no trouble connecting from within my LAN but outside of this there always lies a 'connection refused' response.
Here is my setup:
I use Comcast @ Home Cable as my ISP
192.168.0.1 is my cable modem which doubles as a gateway
192.168.0.10 is my windows based computer which I have successfully connected to the linux box only using the LAN assigned ip address (192.168.0.11)
192.168.0.11 is the knoppix box (installed to hard drive) I am on and hoping to have available for remote access
Here is what I have tried to do to allow remote logins:
I have executed:
root@box:/home/grim# iptables -F
root@box:/home/grim# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@box:/home/grim#
1> I have logged into the gateway and added port forwarding for port 22 (both tcp/udp in case) for 192.168.0.11, then applied the changes, and restarted the gateway
2> I have added to my /etc/hosts.allow file:
ALL : ALL@ALL : ALLOW
3> I have made sure every line is commented out on my /etc/hosts.deny file
4> I have run ethereal to capture packets and include a screen shot of the packet captures here:
http://www.crypt.cc/ss/sshd.jpg
5> I have run nmap to see if it was getting through the gateway here is the output:
root@box:/home/grim# nmap -O -sV -v myip
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-12-21 04:25 EST
Initiating SYN Stealth Scan against pcp09v01.md.comcast.net (myip) [1663 ports] at 04:25
The SYN Stealth Scan took 4.21s to scan 1663 total ports.
Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Host pcp0011459512pcs.chrchv01.md.comcast.net (myip) appears to be up ... good.
All 1663 scanned ports on pcp001142pcs.c1.md.comcast.net (myip) are: closed
Too many fingerprints match this host to give specific OS details
TCP/IP fingerprint:
SInfo(V=3.81%P=i686-pc-linux-gnu%D=12/21%Tm=43A91FA0%O=-1%C=1)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=N)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPC K=0K=0%ULEN=134%DAT=E)
Nmap finished: 1 IP address (1 host up) scanned in 13.016 seconds
Raw packets sent: 1684 (67.6KB) | Rcvd: 1673 (77KB)
root@box:/home/grim#
Looking above, it seems as though it is getting through the gateway to identify it as linux.
I thank you for any advice you can give me. I am really not sure what is wrong here; maybe it's my ISP?
I also cannot receive/send file transfers on GAIM
Limewire works ok though
Thanks
- 12-21-2005 #2
I'm trying to picture your present setup. Am I understanding correctly that all boxes are presently on the same LAN, and you are trying to ssh from one to the other by going through the IP you are assigned by your ISP, then through a forwarded port back into another box on the same LAN for testing purposes?
- 12-21-2005 #3 Just Joined! (Join Date: Nov 2005; Location: US; Posts: 17)
yes, all are on the same lan. All connected to the gateway sharing the 192.168.0.* range. I am testing by attempting to connect to the internet IP address from the 192.168.0.11 box (should be connecting to the gateway and transferring the connection back over to itself because it is the only one in the demilitarized zone). This is when I receive connection refused. On the other hand when specifying 192.168.0.11 as the ip address to connect to I have no trouble getting through.
I am hoping to have it so that I can log in from my campus or other network to perform administrative tasks etc.
Thanks for the quick reply
- 12-21-2005 #4
We were running a Shoutcast server out of my radio station and could not connect back to the server through a browser, which is the reason I ask. This may be what you're running into. We also received a "connection refused" even though I had the firewall and ports set up correctly. Receiving our stream from outside our network worked without problems. My suggestion would be to ask someone from outside your network to try sshing in. If they can't then I'm completely wrong and it's likely something else. I think of this because everything else appears to be right.
EDIT: And you're absolutely sure the ssh server/daemon is up and running?
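Added example, not part of any post in this thread: a small probe that separates "connection refused" (a RST came back) from a timeout (nothing came back), reads the SSH identification string when the port is open, and combines the inside and outside results the way the suggestion above describes. The names probe, diagnose and demo_listener are hypothetical, and the listener is a constructed stand-in for sshd so the block runs offline.

```python
import socket
import threading

def probe(host, port, timeout=3.0):
    """One TCP connect -> (state, banner); state is open/refused/timeout/error."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:   # a RST came back: no listener where we landed
            return "refused", ""
        except socket.timeout:           # nothing came back: dropped or filtered
            return "timeout", ""
        except OSError:
            return "error", ""
        try:  # an SSH server speaks first with its "SSH-2.0-..." identification string
            return "open", s.recv(255).decode("ascii", "replace").strip()
        except OSError:
            return "open", ""

def diagnose(lan, wan_inside, wan_outside=None):
    """Combine states for: LAN address, public IP from inside, public IP from outside."""
    if lan != "open":
        return "sshd unreachable on the LAN: fix the daemon or host firewall first"
    if wan_outside is None:
        return ("forward answers from inside, confirm from outside" if wan_inside == "open"
                else "inconclusive: repeat the test from a host outside the LAN")
    if wan_outside == "open":
        return "forward works; an inside-only failure points to a gateway loopback limitation"
    if wan_outside == "refused":
        return "a RST came back: check the forward's target host and port"
    return "no answer or local error: packets are not reaching sshd (gateway, ISP or routing)"

def demo_listener(banner=b"SSH-2.0-Constructed_Example\r\n"):
    """Constructed stand-in for sshd on 127.0.0.1 (one connection); returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    print(probe("127.0.0.1", demo_listener()))
```

Run probe() against the LAN address and the public address from inside, then against the public address from a host outside the LAN, and pass the three states to diagnose().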
- 12-21-2005 #5 Just Joined! (Join Date: Nov 2005; Location: US; Posts: 17)
yes I checked the ps list and it's running. I know it's working, because I can ssh from inside the network just not from outside the network.
Also using GAIM (aol instant messenger clone) I cannot send or receive files so it's something to do with outside connections.
One thing I have had no problems with is Limewire (gnutella network).
- 12-21-2005 #6
If you are certain those ports are open and your firewall isn't blocking them, it could be something to do with your ISP. Sorry I couldn't help more...