In my friend's rural neighborhood, the only Internet service is provided by an ISP that delivers Internet services through local dish transceivers mounted on the home. I believe the system is called "Air OS". We wish to access his router remotely, and he is now paying his ISP for a static IP address and access to all ports (except port 80, which is used to administer the dish transceiver).
When he subscribed to this the enhanced service, including the static IP address, the ISP informed me that all TCP/IP traffic (except port 80) is passed directly to his router. (I know that not "ALL" traffic is passed to the router, because his static IP address responds to ICMP Ping, even though that is turned off in the router, which I believe means that the dish itself is responding to the ping instead of the router being able to respond.)
The ISP instructed me to set the router's WAN-facing static IP address to 10.10.1.2, and the gateway is 10.10.1.1. So the router does not actually see the "real" static IP address.
The problem we are facing now is that I cannot SSH into his router from any remote location, nor can I connect to the OpenVPN configuration we have created from any outside site. When I try to SSH into the router from outside, I configured SSH on the router to respond on port 2222 and I try:
$ssh -p 2222 nn.nn.nn.nn|toor#nn.nn.nn.nn|toor (the ip address)
and the result is: "ssh: connect to host nn.nn.nn.nn port 2222: Connection refused"
Here is an additional troubleshooting step I have taken: I put a Windows 7 machine directly behind the dish (in place of the router). When I try to VNC to the computer from an outside site, I am immediately connected to the computer.
Is there a configuration I need to make in the router to enable connecting to it from the outside when its "static ip address" is not the "real" ip address?
Am I even asking the right question!? :-)