Why is SSH forwarding happening even with port forwarding disabled?

I am using an Aiport Extreme as my wireless router, and it has port forwarding set up but disabled for SSH: Screen shot of my configuration windowThe port forward settings sheet

However, I keep seeing instances of ssh login attempts from outside -- someone is trying to access my computer using a series of user names. Moreover, I can still log in from outside my home network using SSH, so I know it's open to the world.

How is this happening? How do I stop it?

Edit

Here is the log for a connection attempt:

==> /var/log/system.log <==
Apr 10 10:36:41: --- last message repeated 8 times ---
Apr 10 10:36:41 null-3 sandboxd[56246]: sshd(68515) deny mach-per-user-lookup

==> /var/log/secure.log <==
Apr 10 10:36:43 null-3 sshd[68516]: Invalid user presto from 124.124.91.195

Solution 1:

I am pretty sure when you select remote log in in the sharing preference pane, OS X opens the port on the router programmatically using NAT-PMP. Have you tried disabling that on the airport and rebooting?

Turn off NAT-PMP

Also be sure you are not editing a profile that is not active on the Airport. I have fallen into that trap once or twice every so often.