Download putty if you don't already have it, the format you need for this is:
putty -ssh username@publicip -pw password -L localport:privateip:destinationport
Here is what you would use to get to 192.168.1.1 remotely through SSH:
putty -ssh username@publicip -pw password -L 8080:192.168.1.1:80
You could then open up a web browser to 127.0.0.1:8080 on the computer you created the tunnel with and up would pop the router interface.
A Very Disappointing Self-Answer
Having set this problem aside for a day and come back to it, I was both relieved and perturbed (more perturbed than relieved) to find that everything was, mysteriously, working properly.
So, What Was the Issue?
No settings were changed or adjusted -- not on the router, not on the SSH server, and not on the SSH client's machine. It's fairly safe to say it was the router not handling the incoming traffic properly, in spite of proper settings. Given that dinky home router software isn't really designed to deal with port forwarding, it took the poor guy a while to implement the necessary changes.
But It's Been Like 6 Hours!!
Yeah dude, I know. I spent all day trying to figure out what was wrong -- and didn't ever find it because there wasn't anything wrong. Evidently, it can take 6 hours -- possibly more -- for the router settings to take effect.
So How Do I Know If This Is My Issue?
A nifty tool I came across during this escapade is tcpdump. This lean little guy sniffs traffic for you, offering valuable insight into what's actually going on. Plus, he's got some super filtering features that allow you to narrow down exactly what you want to look at/for. For example, the command:
tcpdump -i wlan1 port 22 -n -Q inout
Tells tcpdump to look for traffic via the wlan1 interface (-i = 'interface'), only through port 22, ignore DNS name resolution (-n = 'no name resolution'), and we want to see both incoming and outgoing traffic (-Q accepts in, out, or inout; inout is the default).
By running this command on your SSH server while attempting to connect via a remote machine, it quickly becomes clear where precisely the problem lies. There are, essentially, 3 possibilities:
- If you're seeing incoming traffic from the remote machine, but no outgoing traffic from your local server, the problem lies with the server: there's probably a firewall rule that needs to be changed, etc.
- If you're seeing both incoming and outgoing, but your remote machine isn't receiving the response, it's most likely the router: it's allowing the incoming traffic, but dropping your outgoing packets.
- If there's no traffic at all, that's probably a router issue as well: the remote machine's
SYN packets are being ignored and dropped by the router before they even reach your server.
And once you've discovered where the problem lies, a fix is (usually) trivial.
Best Answer
Just like @user2675345 is saying, you should probably check the DNS proxy settings if your browser has any.
Follow these steps to enable DNS lookups through a proxy in Firefox:
about:configin the address barproxynetwork.proxy.socks_remote_dnstotrueI used to be a Chrome user myself, but switched to Firefox when I noticed that the DNS lookups didn't use the proxy settings. That was a while ago and should be fixed now according to this bug report.