The easy answer is to use an Apple Airport router, Mobile Me, and back to my Mac. But, that's expensive, and it doesn't do much more than allow you to get get to your Mac, it doesn't set it up as a web or FTP server.
It's fairly straight forward. The tricky part really is not to get your machine hacked into. *If you are asking this question, you probably don't want to do this.* Doing it is one thing. Doing it right means being confident you don't leave something open for somebody to get in.
We'll have to assume that you know how to configure port-forwarding and modify the DHCP configuration on your router and that you understand how all of that works -- that's all outside the computer.
You'll also need a dynamic DNS provider and a domain name, or, at the very least, a site somewhere on the Internet to which you can post the Internet-facing IP address of your router since your ISP may reassign this periodically. Alternatively, you could write a script to ask your router what it's WAN address is and then post that on some server somewhere where you'd know where to look for it (bad solution).
First: set your router's DHCP address range to something that leaves some IP addresses aside for static IP on your subnet. For example, my router assigns addresses in the range 192.168.1.1 to 192.168.1.200 -- so everything from 192.158.1.201 to 192.168.1.243 is left over for static IPs.
Don't configure the port-forwarding on your router just yet.
Once you've got all that taken care of, go to System Preferences, click on your network connection in the left-panel. Then click on the "Configure" pull-down and select "Using DHCP with Manual Address" and in the IP address field below, give your machine an IP address in the same subnet (192.168.1.*) but outside the range that the router is going to assign addresses for. For example, 192.168.1.201.
Open up /Applications/Utilities/Terminal.app and type:
sudo nano /etc/sshd_config
... find the line that says:
PasswordAuthentication yes
... and, change it to
PasswordAuthentication no
... and save the file. You want to make sure that you don't allow password-based logins to your computer. This will force SSH (secure shell) to require that you create and use encryption keys and encrypted logins to access your machine. No passwords.
Now, you can go back to your router and configure port-forwarding on it to forward in-bound connections to the ports for the services you want to use. You will need port 22 for secure shell, and if you want to use the web server, port 80. It might not be a bad idea to make the port on the router different than the port it forwards to on your Mac, if only because it would stop casual attackers.
Now is a good time to set up your account with your dynamic dns provider (like dyndns.org) and get your domain name. It's not completely necessary, but if you don't want the name and IP address of your computer to change all the time, then you want to.
Once that's set up, go to System Preferences on the Mac and click on the 'Sharing' icon. Check off 'Remote Login', 'Screen Sharing, and 'Web Sharing'. Congratulations, you've now enabled the web server, VNC, and remote logins.
To login to your computer remotely, you're going to need to create encryption keys. Go back to Terminal.app and do:
ssh-keygen
... which will create your creddentials for your account. Now, lets make a key that you can authorize to login:
ssh-keygen -t rsa -f home_rsa
... which will create two files: home_rsa and home_rsa.pub. You want to copy home_rsa.pub to the list of authorized keys for your user:
cat home_rsa.pub >> ~/.ssh/authorized_keys
... now you can take the home_rsa key, put it on a USB key fob, or whatever and use it as your private key for logging in via SSH.
You can use the tunneling features of SSH to tunnel VNC through the secure connection, and you can use 'scp' or 'sftp' to transfer files.
For example, for logging into my machine back home, I do:
ssh -i home_key -C jd@nodomain.net -L 5901:localhost:5900
Which logs me in via secure shell and forwards local port 5901 to port 5900 (the one used by VNC) on my computer at home. Then I can use screen sharing by opening another terminal Window and typing:
open vnc://localhost:5901
OS X has the VNC support built-in, so you don't need other apps.
