Question: Remote Control of Desktops Behind NAT'd router without port forwarding
I'm an IT Consultant, and am working with VNC (TightVNC actually) with SSH to allow myself to remote control people's computers that require my tech support.
I'm trying to design a downloadable set of programs that will allow me to connect to their computer with just an unzip of a file, and running a single program that will initialize the VNC server and SSH server. I can do that manually, if I talk them through logging into their router (that's sharing their DSL/broadband internet connection) and talking them through doing port forwarding to their computer's IP address, however that's a big pain to do every time.
Is there something that will open a temporary hole in the NAT router that I can follow back in to run a VNC session through? I.e. tell them to go to xxx.yyyy.com/findme.html that will tell me what their public IP address is, and allow me to come through that connection to the router.
Any ideas anyone?
Even just having MY internet connection configured so that they would connect to me, and I would work backwards through the tunnel to them, would be fine. I have DDNS initialized on my router, so I can always find my systems on the internet.
Thanks for any ideas,
David T
Answer: Remote Control of Desktops Behind NAT'd router without port forwarding
This actually can be implemented with the Cygwin implementation of SSH. All open-source, all free =)
Here are the steps:
- Install Cygwin onto your computer, including the ssh package.
- Configure ssh for your user accounts.
- Lock up all user IDs set up on your computer (user ID/passwords < 8 chars at least, because if your user ID/pass is guessed, there's full access to your system from the net. Disable any accounts not needed.)
- Optionally lock the login console interface (Cygwin) with an alternate to bash that just displays a print output.
- Get something like PuTTY (ssh client that runs on Windows). Configure port forwarding of: remote:5910:localhost:5900.
And you're done. When the person with the putty client connects into your computer (from anywhere, even from inside a NAT'd network on their end), you connect to your local VNC to port 5910 and you can connect backwards to their system. The only router setup you have to do is on your end, and you forward port 22 to your computer. Then, you can have Dyndns installed for your local setup, and you can have someone connect with username.dyndns.org:22.
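The reverse tunnel and the account lockdown described in the answer, as an added example that is not part of the original answer: the OpenSSH command equivalent to the PuTTY forward, an `sshd_config` stanza that confines the connecting account to that one forward, and a check for the stanza. The account name `support`, the function names, `ForceCommand /bin/false` and the use of OpenSSH 7.8 or later (for `PermitListen`) are assumptions.

```shell
#!/bin/sh
# Added example. Assumed: account "support", OpenSSH 7.8+ on the helper's
# machine; the host name and ports 5910/5900/22 come from the answer.

# OpenSSH equivalent of PuTTY's remote forward 5910 -> localhost:5900.
# -N: no shell or command, the connection carries only the tunnel.
tunnel_cmd() {  # usage: tunnel_cmd USER HOST
    printf 'ssh -N -R localhost:5910:localhost:5900 -p 22 %s@%s\n' "$1" "$2"
}

# sshd_config stanza for the helper's machine: the account may open the one
# reverse forward, bound to loopback, and gets no terminal or command.
tunnel_only_stanza() {  # usage: tunnel_only_stanza USER
    cat <<EOF
Match User $1
    AllowTcpForwarding remote
    PermitListen localhost:5910
    GatewayPorts no
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    ForceCommand /bin/false
EOF
}

# Read sshd_config text on stdin and print every required directive that is
# missing or set differently inside "Match User USER". Exit 0 only if none.
audit_stanza() {  # usage: audit_stanza USER < sshd_config
    awk -v user="$1" '
        BEGIN {
            want["allowtcpforwarding"] = "remote"
            want["permitlisten"] = "localhost:5910"
            want["gatewayports"] = "no"
            want["permittty"] = "no"
            want["forcecommand"] = "/bin/false"
        }
        tolower($1) == "match" { inblk = (tolower($2) == "user" && $3 == user); next }
        # sshd keeps the first value it sees for a keyword, so do the same.
        inblk && NF >= 2 && !(tolower($1) in got) { got[tolower($1)] = $2 }
        END {
            for (k in want)
                if (got[k] != want[k]) { print "weak or missing: " k; bad = 1 }
            exit bad + 0
        }'
}
```

Because the forward is bound to loopback and `GatewayPorts` is off, port 5910 is reachable only from the helper's own machine, not from the internet side of the forwarded port 22.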