This is a discussion on port forwarding - Networking
AFAIK this isn't Linux-specific, but I figured one of you fine folks
would know what to do.
I'm trying to forward a couple ports on my broadband router so that SSH
and my web page are visible (on non-standard ports), but the router
won't play nice. I've done this successfully twice before, so I'm not
a total idiot (only partially so). Obviously I can't show you screen
shots on my web site, but I can email them out if requested.
The router is an Actiontec MI424-WR. It's a big guy, something over a
foot tall and almost 2" wide (standing on edge). The Verizon tech
brought it when we got digital TV (the set-top box gets its program
data from who-knows-where through a coax connection to the router).
I want to forward external xx -> HTTP (80) and external yy -> SSH (22).
So I log into the router @ 192.168.1.38 and click on "Firewall Settings"
at the top, then "Port Forwarding" on the left, then I see:
Networked      Network                         WAN
Computer /     Address                         Connection
Device                        Protocols        Type        Status
-------------  -------------  ---------------  ----------  ------------
192.168.1.11   192.168.1.11   SSH (external)   All         Resolving...
(Unresolved)                  TCP Any -> yy    Broadband
ebens-desktop  ebens-desktop  HTTP (external)  All         Resolving...
(Unresolved)                  TCP Any -> xx    Broadband
72.91.128.zzz  72.91.128.zzz  FTP              All         Resolving...
(Unresolved)                  TCP Any -> 21    Broadband
I left out two columns: "Public IP Address" which is blank for each
one, and "Action" which has two icons in it for each one: one meaning
"edit" and one meaning "delete".
"ebens-desktop" is the router's name for my desktop machine
(192.168.1.11). I am using DHCP (/etc/network/interfaces says so)
and am currently connected (the router says so). That third item (the
one about FTP) was me just trying something out, using the default
options. It can be junked at any time; I'm not even running an FTP
server. The "unresolved" appears when I click the "Resolve Now" button.
The "unresolved" is what makes it not work. The router's log ends with
Time      Event   Event-Type  Details
--------  ------  ----------  -----------------------------
Jan 23    System  Message     daemon.warn cLink: clink0:
14:10:37  Log                 ioctl(DRV_GET_MY_NODE_INFO)
2007                          failed, res=-1: Bad address.
I found a forum for this ISP, and found as a reply (after someone
complained about the same problem I'm having):
| Well, "Bad address."
| What's the IP of your router?
| What's the IP of the machine behind your router you want ports to
| forward to?
| Are they on the same subnet? Maybe you typed the IP wrong?
| Maybe the IP you are coming in from is unroutable? (probably not)
The solution agreed on in this case was to get around the problem in the
application, so actual port forwarding was never done.
The rule I'm trying to set up seems to pass his tests, except I can't
see how the router's IP address matters (except that the forward-to
address is non-routable). What am I forgetting?
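The checks listed in the quoted forum reply (is the forward-to address on the router's subnet, was it mistyped), written out as an added example that is not part of the original post. The router address is the one given above; the /24 mask, the external port numbers standing in for xx and yy, and the 203.0.113.5 target are constructed assumptions.

```python
import ipaddress

# Router address as given in the post; the /24 prefix is an assumption.
ROUTER_IP = "192.168.1.38"
LAN_PREFIX = 24

def check_rule(router_ip, prefix, target_ip, ext_port, int_port):
    """Return a list of problems with one forwarding rule (empty = passes)."""
    problems = []
    lan = ipaddress.ip_interface(f"{router_ip}/{prefix}").network
    try:
        target = ipaddress.ip_address(target_ip)
    except ValueError:
        return [f"target {target_ip!r} is not a valid IP address"]
    if target not in lan:
        problems.append(f"target {target} is outside the router LAN {lan}")
    if target == ipaddress.ip_address(router_ip):
        problems.append("target is the router itself")
    if target in (lan.network_address, lan.broadcast_address):
        problems.append(f"target {target} is the network or broadcast address")
    for name, port in (("external", ext_port), ("internal", int_port)):
        if not 1 <= port <= 65535:
            problems.append(f"{name} port {port} is out of range")
    return problems

def check_rules(rules, router_ip=ROUTER_IP, prefix=LAN_PREFIX):
    """Check every rule and also flag external ports used more than once."""
    report, seen = {}, {}
    for name, target, ext, internal in rules:
        report[name] = check_rule(router_ip, prefix, target, ext, internal)
        if ext in seen:
            report[name].append(f"external port {ext} already used by {seen[ext]}")
        seen.setdefault(ext, name)
    return report

if __name__ == "__main__":
    # Constructed rules: (name, forward-to address, external port, internal port)
    rules = [
        ("ssh", "192.168.1.11", 2222, 22),
        ("http", "192.168.1.11", 8080, 80),
        ("ftp", "203.0.113.5", 21, 21),  # forward-to address not on the LAN
    ]
    for name, problems in check_rules(rules).items():
        print(name, "OK" if not problems else problems)
```

A rule that passes these checks can still show as unresolved on the router; the script only rules out the addressing mistakes the reply asks about.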