Connecting to VNC (via SSH?) through a NAT?

I have the following setup:

My Computer (OS X 10.5) <—> Linksys WRT54g Router <—> Cable Modem <—> Internet <—> Outside Computers (Includes: Vista, XP, OS X 10.4, Linux, etc.)

I want to control "My Computer" (running a VNC server) from an "Outside Computer" without having to forward a port on the router (which acts as a NAT), if this is possible. If this is not, would I be able to use a non-standard port (other than 222 or whatever SSH/VNC connections typically are)?

I seem to recall at some point reading about creating such a connection by using an active SSH connection between an outside server running some sort of SSH forwarding program and the local computer. You then go to that outside server and it connects you to the final destination VNC. I have an account on both Silenceisdefeat.com (which I believe would allow me to run such a program) and my university unix server account.

I've done some extensive googling but can't find anything. Any network geniuses out there who know how to set this up? I would really appreciate any help (or if anyone knows of an article describing this process and can point me toward it)...

MacBook Pro 15" 2.16 GHZ 1 GB RAM, Mac OS X (10.5.6)

Posted on Feb 19, 2009 5:56 PM


Feb 19, 2009 8:11 PM in response to Kyle Sandell

You have to forward a port through your home router to your home computer.

VNC server functionality is already built into Leopard. Turn on screen sharing in sys prefs > sharing and set up "allow access for..." as desired. If you will access from afar using other than Leopard's Screen Sharing client application, also click on computer settings to set up regular VNC client login.

Turn on remote login in sys prefs > sharing. Set up access privileges for ssh remote login as desired.

If your router is robust enough, forward a high-numbered port (say, 22222) on the outside to port 22 on your Leopard computer on the inside. If you can't cross-strap the external-to-internal port like that, a little more work needs to be done.

Now ssh to your home domain. I don't know anything about silenceisdefeat.com but I do know if you get a free home domain name from dyndns.com and get and install their DynDNS Updater application, you don't need to worry about your ISP changing your home external WAN IP address anymore, you can always connect to your domain by name, e.g. sandell.dyndns.com.

From work/school/internet cafe/whatever, in Terminal.app, you
ssh -p 22222 -L 55900:localhost:5900 kyle@sandell.dyndns.com
Leave Terminal running while your vnc session is active.

Then, launch your vnc client, and connect to localhost:55900

I've made a number of posts about this since Jan 1 2008. One post, that I thought my replies were fairly straightforward and clear, but the O.P. held a slightly different view in that regard, is http://discussions.apple.com/click.jspa?searchID=-1&messageID=6880415. It may or may not help, but check it out.

Feb 19, 2009 8:12 PM in response to Kyle Sandell

I want to control "My Computer" (running a VNC server) from an "Outside Computer" without having to forward a port on the router (which acts as a NAT), if this is possible. If this is not, would I be able to use a non-standard port (other than 222 or whatever SSH/VNC connections typically are)?

If you are willing to use a high-numbered port to port 22, then configure your router to forward

Public Port 55101
Private IP 192.168.1.xx
Private Port 22

Now use ssh to create a VNC tunnel

ssh -p 55101 -L 5901:localhost:5900 public.addr.of.router

Now your VNC client connects to:

vnc://localhost:5901

Where the 5900 is the port your VNC server is using. The 5901 can be anything as long as you use it to make your VNC client connection.

As to your other idea, I have never done this, so I may have some stuff wrong:
I seem to recall at some point reading about creating such a connection by using an active SSH connection between an outside server running some sort of SSH forwarding program and the local computer. You then go to that outside server and it connects you to the final destination VNC. I have an account on both Silenceisdefeat.com (which I believe would allow me to run such a program) and my university unix server account.

I have never done this, but you might be able to use an SSH reverse tunnel.

From your Mac set up the following:

ssh -R 5901:localhost:5900 Silenceisdefeat.com

This connection would need to be kept going from your Mac all the time.

Now you should be able to make a VNC connection using:

vnc://Silenceisdefeat.com:5901

Again 5900 is your VNC server port, the 5901 can be anything as long as you are consistent.

If you want to use ssh encrypted tunnels all the way, then modify the reverse tunnel to target port 22

ssh -R 55101:localhost:22 Silenceisdefeat.com

and from your client system first set up an ssh tunnel to Silenceisdefeat.com which will vector this to your Mac

ssh -p 55101 -L 5901:localhost:5900 Silenceisdefeat.com

and again you make your VNC connection using:

vnc://localhost:5901

Again, I have never done an ssh reverse tunnel, so you may want to do some Google searches on "ssh reverse tunnel" or "ssh -R".
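
The "ssh encrypted tunnels all the way" variant from the reply above, written out as a script. This is an added example, not part of any poster's reply: the relay account, the user names, the `home-mac` alias and the retry settings are placeholders, and `-J` needs OpenSSH 7.3 or later.

```shell
#!/bin/sh
# Added example, not from the thread. Host names, user names and ports are
# placeholders (assumptions); substitute your own relay account.
RELAY=${RELAY:-kyle@relay.example.org}   # outside SSH server both ends can reach
RELAY_PORT=${RELAY_PORT:-55101}          # loopback port on the relay -> Mac's sshd
SSH_BIN=${SSH_BIN:-ssh}                  # overridable so the loop can be dry-run
MAX_TRIES=${MAX_TRIES:-0}                # 0 = retry forever
RETRY_DELAY=${RETRY_DELAY:-10}           # seconds between reconnects

# Mac behind the NAT: publish its sshd on the relay's loopback interface only,
# so the forwarded port is not reachable from the internet. Keepalives make a
# dead link exit quickly; ExitOnForwardFailure exits if the port cannot be bound.
reverse_tunnel() {
  "$SSH_BIN" -N \
    -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
    -R "127.0.0.1:${RELAY_PORT}:localhost:22" "$RELAY"
}

# Restart the tunnel whenever ssh exits; give up after MAX_TRIES attempts.
keep_tunnel() {
  TRIES=0
  while :; do
    TRIES=$((TRIES + 1))
    reverse_tunnel || echo "tunnel down (attempt $TRIES)" >&2
    if [ "$MAX_TRIES" -gt 0 ] && [ "$TRIES" -ge "$MAX_TRIES" ]; then
      return 1
    fi
    sleep "$RETRY_DELAY"
  done
}

# Outside computer: hop through the relay to the Mac's sshd, then forward VNC.
# HostKeyAlias stores the Mac's host key under its own name, not "localhost".
vnc_tunnel() {
  "$SSH_BIN" -N -J "$RELAY" -p "$RELAY_PORT" \
    -o HostKeyAlias=home-mac \
    -L 127.0.0.1:5901:localhost:5900 "${MAC_USER:-kyle}@localhost"
}

case ${1:-} in
  mac)    keep_tunnel ;;
  client) vnc_tunnel ;;   # then point the VNC client at vnc://localhost:5901
esac
```

Saved under a name of your choice, it is run with the argument `mac` on the home Mac and `client` on the outside computer; VNC traffic then travels inside SSH on both legs.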

Feb 21, 2009 2:53 PM in response to Kyle Sandell

I've found that LogMeIn.com does work, it provides a secure encrypted connection, it is not bothered by home NAT routers or most firewalls.

When the client is Windows Explorer, I think they use a DirectX control (or similar plug-in) that gives rather good performance to the target system running the LogMeIn.com software.

I know they have some kind of plug-in for Mac OS X Safari, but my experience (of maybe a year ago) was that it did not work as fast as the IE setup, but it did work. And I do not know if they had anything for other browsers, such as Firefox (my preferred browser).

Anyway, I do recommend LogMeIn.com for situations where minimum configuration and setup are needed and the usage will be light duty (such as maintaining Mom and Dad's system from hundreds of miles away).

But for heavy duty frequent screen sharing, I tend to suggest other solutions: Microsoft's Remote Desktop Connection Mac client for accessing Windows, Mac OS X Leopard's built-in screen sharing for accessing another Mac (Tiger or Leopard), and VNC for other situations.

One trick to allow fairly easy screen sharing setup between Mac OS X Leopard systems is to install the Chax add-on for iChat, get some free AOL Instant Messenger accounts, then configure Chax to automatically accept screen sharing requests from specific iChat buddies. This gives very good performance and like LogMeIn.com easily deals with home NAT routers and firewalls.
