Peter wrote:
I would like to be able, securely, to run VNC and actually demonstrate what he has to do. If we didn't have the firewalls....it would be easy! But with the router, he doesn't have a public IP address - exactly why I made him get one, of course. Oh dear.
The best option I've found is for you to set up your firewall to allow incoming connections on port 5500, which are routed to your PC. You then run VNC viewer in listen mode, and he then runs his server and tells it to connect to your external IP address.
This way, unless you're ready to support him there's nothing listening on port 5500, and even when you're ready you're only allowing people to connect to your PC in order to give you control of their PC - ie you're not allowing remote control of the PC which is open, you're allowing someone who wants their PC remote controlled to connect to you instead. This is much safer.
I only do this under Windows at present (since that's the client base I support) but I'm sure there are many here who could help you with the equivalent VNC settings under Linux. It's far easier than it sounds, particularly if you have a static external IP address (or have a dynamic DNS account with the likes of dyndns.org). You simply need to create a shortcut for him to use to connect to you when he needs help.
[There was a thread here on a similar subject not so long ago - check the archives, although I don't recall it going into much more detail than the above.]