Hello @cb_user
Port forwarding can be complex to set up in general, and having to get it working through two layers of router/firewall devices makes it even more complex. It's important to understand that each of those router/firewall devices (your cable modem/router and your Nest WiFi Router) have more than one IP address. They have a "WAN" IP address that is assigned by the outer network they are connected to, and a "LAN" IP address that is part of the "inner" network they are creating. So, your cable modem/router has a public IP address (50.x.x.x – let's call that "PUBLIC-WAN" for simplicity), but it is also creating an inner network, and from what you've provided, it isn't clear what IP address range that network has (but we can figure it out relatively easily – see below).
Meanwhile, your Nest WiFi Router has a WAN IP address as well – one that is assigned by your cable modem/router. We can find that by opening the Google Home app, tapping on the Nest WiFi Router, and then the gear icon in the upper right corner. It's WAN IP address will be shown under "Wi-Fi information". Take note of it, but for now we'll call this "NEST-WAN" below. You can also see the Nest WiFi Router's LAN IP address on that screen, but it's actually irrelevant here.
It looks like the IP address of the host you want to expose it 192.168.86.9. That "9" is not a port number – we want to stick to using port 22 for simplicity all the way through here.
So, to set up a port mapping, we first need to configure a mapping in your cable modem/router from external port 22 to the Nest WiFi Router's WAN IP address (NEST-WAN, which we found above). Once that is set up, incoming SSH connections to PUBLIC-WAN will get delivered to the Nest WiFi Router. But, since it's also a firewall, we now need to set up a port mapping there as well.
First, we need to make sure your target machine has an IP address reservation in the Google Home app. Tap the "Wi-Fi" bubble at the top, then the gear icon in the upper right corner, then "Advanced networking", and finally "DHCP IP Reservations". When adding a new reservation, make sure to hit the "save" icon (looks like a floppy disk).
After that, back at the "Advanced settings" screen, you can go into "Port management" to create a port mapping between port 22 and your target host (192.168.86.9 – the address you created a reservation for above). Use internal port 22 for this mapping as well. You can pick "TCP" only for this, too. Once again, click the "save" icon to add the rule.
Finally, assuming your target host is running and listening for SSH connections, you can test this from an external client. Whew. Unfortunately, if it doesn't work, there isn't necessarily a great way to figure out where it's gone wrong. You may be able to put a machine on the intermediate network (the one created by your cable modem/router – outside the one created by your Nest WiFi Router) and try connecting to the NEST-WAN IP address. That would at least narrow things down to the Nest WiFi Router layer of firewall.
