I had a problem at work that I solved through trial and error. The problem was that I regularly have to Timbuktu into a remote user's machine from behind my company's firewall to give that user support. The remote machine is shielded behind both an Airport using NAT, and the firewall of the parent company. To complicate things, I do not have the administrator's help on the remote end (ie I can't reconfigure either Airport or remote firewall).
The solution involved using an exposed third computer with an ssh server as a go-between. We have a linux FTP server on our DMZ. For this to work, the remote user must have a login to the go-between ssh server.
On the remote end, open Terminal and enter the following command:
% ssh -C goBetweenIP_Address -R 10407:localhost:407 -l usernameOn the local end, open Terminal and enter:
% ssh -C goBetweenIP_Address -L 10407:localhost:10407 -l usernameOn Timbuktu, connect to localhost:10407.
Mac OS X Hints
http://hints.macworld.com/article.php?story=20030130054733106