Não é possível SSH de externo

Eu tenho uma máquina CentOS 7.5 atrás de um roteador TP Link.

Eu ativei o encaminhamento de porta no roteador (e reiniciei).

No entanto, por algum motivo, posso executar o ping do roteador, mas não consigo fazer o telnet nem o ssh nessa máquina pela porta 22.

$ telnet [public IP] 22
Trying [public IP]...
telnet: connect to address [public IP]: Connection refused

$ ssh root@[public IP]
ssh: connect to host [public IP] port 22: Connection refused

Eu também tentei outro usuário, mas a mesma coisa.

Parei o firewall.d:

[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Tue 2018-05-22 10:20:42 CST; 4min 26s ago
     Docs: man:firewalld(1)
  Process: 733 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 733 (code=exited, status=0/SUCCESS)

May 21 00:49:14 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
May 21 00:49:14 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
May 22 10:20:41 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...
May 22 10:20:42 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.

E eu desativei temporariamente o SELinux:

[root@localhost ~]# setenforce 0
[root@localhost ~]# sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

O sshd está de fato em execução:

[root@localhost ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2018-05-22 10:42:03 CST; 8min ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 11861 (sshd)
    Tasks: 1
   CGroup: /system.slice/sshd.service
           └─11861 /usr/sbin/sshd -D

May 22 10:42:03 localhost.localdomain systemd[1]: Starting OpenSSH server daemon...
May 22 10:42:03 localhost.localdomain sshd[11861]: Server listening on :: port 22.
May 22 10:42:03 localhost.localdomain sshd[11861]: Server listening on 0.0.0.0 port 22.
May 22 10:42:03 localhost.localdomain systemd[1]: Started OpenSSH server daemon.

Alguma ideia?