What you’re doing by forwarding those ports is essentially leaving security in the hands of the protocols you’re connecting to. For example, MacOS X client (as opposed to server) does not encrypt AFP (file sharing) connections, so anything you send via that method will be in the clear. Same goes for VNC to connect to your remote Mac’s screen. Windows’ Remote Desktop protocol will (if you tell it to) connect securely. You are also leaving those services open to any would-be hacker to try to guess your password or exploit weaknesses in the protocols you’re making available.

A better (if slightly more difficult) method is to leave a single obscure port open and forwarding to your SSH port, port 22. (Your don’t just forward port 22 through because it’s a well known port to gain remote control of a computer — so forward port 87644 or something else random to 22 and you’ll avoid some common attacks.) Using SSH you can forward other ports and thereby gain file sharing, web browsing, screen sharing, and any other sort of access to your local network.

There’s a few programs out there that make this easy for you, including JellyFiSSH, AlmostVPN, and VPN Tunnel Manager.

Your big advantage here is that you gain flexibility (you don’t have to open a new port each time you want to open up a new service), and you gain security, since SSH is a well tested piece of security software and will provide sufficient security for most home users.

I hope this is helpful. Happy hacking!

And the way I was trying is working now anyway.

Hmm, I’m guessing that the extra step of using dynamic domain names is what makes it work. Instead of the same ip address with a port tacked on, it’s a different domain name. Off to try that now.

Thanks, Ian