most thecniques involve the use of troyans and lot of new antivir / spyware apps detect them.. not sure if it is the right way.. if you enable a RAT system you need to double check to keep it private or everyone out there can use the system to check his computer.. vnc at least has some security functions for this..
anyway returning to the things i wrote i would follow these steps in order to make it work properly and always:
1) give the router a dynamic dns, if you register on www.no-ip.com you can create a free dns using the host/redirects section of the site. you click on add a host, choose a host name and a extension (for example zapto.org), leave host type A and the ip address it takes like it is. save and close the site.
Open your router and look through it's settings, you should be able to set a dynamic dns. if you have that page you will notice that you can add dynamic dns from different providers, usually the no-ip provider is in the list, you only have to choose it and put in your loggin details, email and password and the hostname you want to update.. when you save the router page it will update the hostname to your ip address..
if everything works correctly you should be able to open the cmd and type in ping hostname and the ip address that will show should be the same of your external connection.
2) give the pc that you want to control a fix ip. to do this u need to open the details of the network card on that pc and figure out it's mac address.. some new routers have a section where you can see the connected devices on your lan and read also thier mac address so it can also be possible to do everything without touching the other pc.. if you figure out the mac address you can add it to the access control list, other routers call this section the reservation section or there are also other ways to call it but i can't remember them now.. anyhow it is a section where you are asked to give a name to a pc, a mac address (xx:xx:xx:xx:xx:xx) and a lan ip (192.168.x.x). after you have saved the settings, everytime the computer switches on it will have always the same ip.. this has to be done so that you can forward the correct port on that ip address and if you do this you will be sure that the computer which will have that port forwarded will always be the same.
3) now i think this part has already been done, so just forward a tcp 5900 port for the ip address you have setted above. restart the lan connection the pc and check that the ip address it gets from dhcp is the same you have added into your NAT / firewall.
if all the details are correct then you can also use a pc from another network, use vncviewer and connect to hostname:5900 and it should work.
also remember that in the vncserver settings you can stop connections which aren't coming from the lan, so this function must be disable, connections must come from all over.. do to this you need to open the vncserver options, choose the connection tab, untick the "only accept connections from the local machine". remember also to set a password to be more secure, you can do that in the authentication tab.
good luck
