How in the world do I connect via afp to office server from my house???

Hi,
I'll try and answer your question by assuming your server is at the office behind an AEBS (802.11n) and you have a static IP assigned by Time Warner and that your port mapping is being done on the AEBS under NAT port mapping.
The AEBS has to have port 548 open for AFP traffic and turn OFF personal file sharing. Your server will conduct the AFP service and not the AEBS. Depending on how you configure AFP authentication under AFP->Access determines whether you need to open ports for Kerberos. If Any Method is selected you don't need additional ports for AFP.
A reserved IP should be set in AEBS for your server, even though DCHP is standard on the LAN side, AEBS allows you to reserve an address within the range by entering the server's MAC (Machine Address).
Outside the LAN use Network Utility and ping your external IP. If you reach the server you can connect with Finder->Go->Connect to server with afp://xxxxxxxx; once you have a share to mount. If you have DNS for your external IP address you can use that in the finder address bar. Once afp service is connected you should see your server share mount on the left sidebar.
To have a share, establish a folder on a disk local to the server and find it with Server->File Sharing->designate as a Share Point and insert yourself in the ACL panel as a user with Read&Write permission. Under Share Point->Protocol Options select Share this item using AFP and give it a name. Your login greeting is set in the AFP->General panel.
I hope this helps.
Harry

If you follow Harrys advice but don't want to "expose" AFP (TCP port 548) to Internet, look into using VPN to connect to the server instead.

Leif Carlsson wrote:
If you follow Harrys advice but don't want to "expose" AFP (TCP port 548) to Internet, look into using VPN to connect to the server instead.

Couldn't the original poster also choose to connect securely in Tiger, if that is the client OS? Press Apple+K in the Finder, type in the server address, and click connect. In the window that appears, click on the gear icon and choose Options. Enable "Allow secure connections using SSH". This will encrypt your traffic with the server (tunneling AFP over SSH). Unless I am mistaken, this is the default behavior with Leopard client.

Hi Larry,
You asked for a specific way to communicate with your server (AFP over AEBS/NAT).
I roger Leif's and Jonathan's input which is concerned with secure communications. Based on the questions it seems you would be happy to get the basics first. In my case I run AFP over the internet because its faster and I don't have confidential files that I'm transferring. However, the login requirement is something to be concerned about. In my case I authenticate with Kerberos only, and am able to leave my AFP shares mounted for hours without worrying about giving away anything.
But yes there are several ways to approach the problem.
Back to your questions; there are three areas to work on, but once you do it and it makes sense to you, it isn't hard.
AEBS - use Finder->Utilities->Airport Utility (v 5.3.2) on any client inside the airport LAN. Please make sure you have a password on your AEBS configuration. Update the firmware on the AEBS to 7.3.2. Select manual setup then
under Internet->DHCP->DHCP Reservations enter your server and IP address.
under Internet->DHCP->NAT Enable NAT Port Mapping Protocol
under Disk->File Sharing Deselect Enable file sharing (reason given above)
under Advanced-> Port Mapping enable port 548 and you will see an AFP checkbox checked on saving. Done with AEBS (assuming all your routing is working fine).
Server - setup a folder as described above to have a share point. Your server will mount your share point on a connecting client as if it were a spare hard drive (virtual). Set up AFP service on the server as described earlier.
Client - (inside or outside the LAN) you can connect at either place. If inside the NAT use your internal IP (10.x.x.x) and Finder to connect. You will be presented with your Public folder and your share point folder to select from.
If outside the NAT use your Time Warner provided internet IP address and you should get the same thing. A login and a share point selection to mount.
If you have a domain name attached to your internet IP address you can use that instead of the number address.

Leif's suggestion to use VPN would allow access to the server as if you were local. Jonathan's suggestion provides a means to use AFP communication but within a secure comm channel. Both are worth considering if they fit your needs closer. If you store your connection at the Connect to server panel you may not see the gear icon that allows changing your password.

HTH,
Harry

Larry,
Don't choose the Personal File Sharing service from AEBS. Just put in the port number 548 without selecting a service. Ensure Personal File Sharing is not enabled as described previously. Personal File Sharing will use port 548 on the internal .local network thereby blocking your server from using its own AFP service.
HTH,
Harry

You're welcome,
when you get around to looking at your options re-read Leif and Jonathan's commments.
Harry