Topic: SSH Tunnel and channel 3: open failed  (Read 3442 times)
« on: December 21, 2009, 18:10:29 »
sleepylight *
Posts: 5

I'm using monowall to provide a DMZ for some database servers.  From my internal network, and from the local DMZ lan I can SSH to my servers, then forward applications through the SSH tunnel with no problems (rdesktop, vnc, etc).  When I connect from the outside internet back to the servers, interactive terminal sessions work, but anything sent through a secure tunnel fails.  The error looks like this:

channel 3: open failed: connect failed: Connect failed

Has anyone else had this problem? 

My nat rule looks like this:
WAN      TCP      22 (SSH)      192.168.50.12      22 (SSH)      SSH connection to BI2 

The corresponding firewall rule looks like this:
TCP      *      *      192.168.50.12      22 (SSH)      NAT WAN -> SSH on BI2

I'm pretty stumped by this, but I've been able to eliminate everything but the monowall from the equation.  I did try selecting "allow packet fragmentation" but to no avail.

Thanks in advance.

-Max
« Reply #1 on: January 21, 2010, 06:31:26 »
brushedmoss ****
Posts: 446

I regularly ssh from outside to an ssh server on my lan and have no issues with port forwarding.

That error indicates that the ssh server couldn't open a connection to the forwarded port.  Is there a firewall log to show a deny?  And are you sshing to the same server and port forwarding to the same destination from outside that you use for your setup that works on the inside?
« Reply #2 on: January 21, 2010, 16:19:50 »
sleepylight *
Posts: 5

Actually, this turned out to be a simple problem with my SSH command syntax.  I was trying to forward the port from the firewall, not the target machine as I had intended.
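
An added example, not part of the thread: the poster's command is not shown, so this assumes the mistake was naming the firewall's WAN address as the destination of an `ssh -L` forward. sshd opens that destination from its own network position, so the helpers below (hypothetical names) parse a forward spec and report what sshd would dial; 203.0.113.10 is a constructed WAN address.

```shell
# Added example; addresses are constructed except 192.168.50.12,
# which is the SSH server in the NAT rule quoted in the thread.
#   203.0.113.10 = firewall WAN address the outside client dials (assumed)

# Print "host:hostport" from an ssh -L spec "[bind_address:]port:host:hostport".
# That endpoint is opened by sshd, not by the client.
# Bracketed IPv6 literals and a "*" bind address are rejected here.
forward_target() {
    case $1 in ''|*:|*[!A-Za-z0-9.:_-]*) return 1 ;; esac
    old_ifs=$IFS; IFS=:
    set -- $1                      # split the spec on ":" into $1..$n
    IFS=$old_ifs
    case $# in
        3) printf '%s:%s\n' "$2" "$3" ;;   # port:host:hostport
        4) printf '%s:%s\n' "$3" "$4" ;;   # bind_address:port:host:hostport
        *) return 1 ;;
    esac
}

# classify_forward LOGIN_HOST SPEC
# LOGIN_HOST is the address the client gave to ssh (here the firewall's WAN side).
classify_forward() {
    target=$(forward_target "$2") || { echo invalid; return 1; }
    host=${target%:*}
    case $host in
        localhost|127.0.0.1)
            echo "sshd-itself $target" ;;     # sshd connects to its own loopback
        "$1")
            # sshd connects back out to the firewall address; with only the
            # port 22 NAT rule in place nothing answers there, and the client
            # sees "channel N: open failed: connect failed".
            echo "login-address $target" ;;
        *)
            echo "via-sshd $target" ;;        # must be reachable from the sshd host
    esac
}

WAN=203.0.113.10
classify_forward "$WAN" "3389:$WAN:3389"            # forwards to the firewall
classify_forward "$WAN" "3389:localhost:3389"       # forwards to the target machine
classify_forward "$WAN" "5900:192.168.50.12:5900"   # same machine, by DMZ address
```

A `login-address` result is the case to look at first when interactive sessions work through the NAT rule but every forwarded channel fails.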
 