If you have a generic setup for SSHD, it's just a matter of telling your Linksys router to forward TCP port 22 to the IP you want access to internally, then from the outside ssh to the static IP, and you'll want to have the machine internally running ssh to have a static IP assigned, not a dynamic (DHCP) address.
Personally, I would change the port to another port not used on your machine, as a nonstandard port makes it more difficult for bots to scan you (And it will happen). But that's up to you. If you use the standard port, you need to be more careful with passwords and usernames, and don't allow root to log in to that port, and you may want to consider installing Denyhosts to block ip's that give an incorrect password 3 times automatically.
Make sure your VM (I assume that's where you are running sshd?) is assigned it's own IP and is using bridged networking so it's not natted twice. That's asking for a world of hurt (nat behind the router, then natted again behind the Leopard machine's VM software). Bridged networking makes the machine appear as if it were another physical machine in your network from the logical view.
You don't necessarily need to set up ssh on the server to a nonstandard port...you could set up a nonstandard port on the router to forward to the internal machine's port 22, if your router supports non-one-to-one mapping (i.e., forward external port 26 to internal port 22 on 192.168.xxx.xxx...), so that only machines outside your network need to use the nonstandard port assignment. But my personal preference is to alter the SSH port on the inside just to tick off bot-scanners.
To sum up...tell your linksys to forward port 22 (or what you choose to use) to your VM's IP. I recommend using a different port, though. Make sure your internal VM machine is using a static, not DHCP, ip address on your internal network, so reboots don't break the forwarding map. Then it's a matter of ssh'ing to your external static IP from an external system to test it. I also recommend using denyhosts if you stick with default port 22 to ban probes. Make sure your VM instance is running bridged, not NAT, networking on the host computer.
It sounds like you have multiple routers and multiple networks. If the two machines aren't on the same network, it won't work. Since each machine sees the other machine's IP address as inside its local network IP range, it assumes it's on the same network. If it's not, it won't work.
If you have two networks both numbered 192.168.0.0/24, a machine one one network won't be able to reach a machine on the other network. Your ping
is reaching a different machine on the same network with the same IP address as the machine you were trying to to reach.
When the wireless system happens to connect to the same network, then it all works.
You can confirm this theory as follows: Ping the default gateway on both machines. Then find the default gateway in the ARP table. See if the MAC addresses are the same. If they're not, that's the issue. They're using different routers.
Update: I like Tony Roth's theory. Maybe you have a web proxy configured that's outside of (or not allowing connections to) the local network.
Best Answer
You must allow SSH port forwarding on your router, so that external hosts can SSH to a host inside your network. You must also be careful to secure the machine inside your network, and use a strong password.
Determine the IP address of your broadband connection. I use DynDNS.org on my router, so that I just need to remember a hostname, not an IP. Most broadband connections use DHCP, so the IP address will change. DynDNS will update your hostname to point to the new IP address.
Connect to your router using SSH tunneling, like this:
externalhost % ssh -L 10080:192.168.1.1:80 yourhostname.dyndns.org
This will create an SSH connection from your local host to yourhostname.dyndns.org (which is a host inside your network). The '-L' will create a SSH tunnel from port 10080 to the router at 192.168.1.1 port 80.