Kevin Buettner wrote:
...snip
> Two points:
>
>  1) It can't work because 192.168.X.Y are private network numbers.
>     (And you'll never be able to get a route to one of these numbers
>     from the outside.)

Au contraire, dude. If you are God of your firewall or router you can do any number of goofy routing tricks. This may not be the best way, it's certainly not the only way, but it's the first thing that worked for me so far:

Download and install ipmasqadm on the firewall. Assuming the firewall's IP is 123.45.67.89, the private subnet host is 192.168.0.2 and X traffic comes in on port 6000 -

    ipmasqadm portfw -f
    ipmasqadm portfw -a -P tcp -L 123.45.67.89 6000 -R 192.168.0.2 6000

now establish the ssh session:

    [me@home]# ssh gumby.greeny.org
    [me@gumby]# export DISPLAY=123.45.67.89:0.0
    [me@gumby]# xcalc

*poof*, xcalc's output appears on the home X display.

>  2) Even if it could work, you wouldn't want to do things this
>     way because you'd likely be sending the X protocol data
>     unencrypted.

Since the session has been established via ssh I'm assuming for now that the traffic's encrypted - none of the raw packets I've looked at had anything recognizable anyway. Doing the same thing with TELNET instead of ssh I can see cleartext goodies in the packets.

It's my understanding that port forwarding takes place _after_ any ipchains rules have been applied, so it's not a gaping Microsoft-style hole in the firewall.

I'd never describe this as "elegant", but it works. I'm still pursuing an elegant solution. The various VPN howto docs look promising. This method can only support one machine.

Steve
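
Added example, not part of the original message: a shell function that classifies a DISPLAY value, such as the 123.45.67.89:0.0 set above, by the transport an X client will use to reach it. It assumes the usual X convention that display N over TCP is port 6000+N and sshd's default X11DisplayOffset of 10; the function name classify_display and the sample values other than the first are constructed for illustration.

```shell
# Classify a DISPLAY value of the form [host]:display[.screen].
# Assumptions (not from the message): display N over TCP is port 6000+N,
# and sshd's X11 forwarding proxies listen on loopback from display 10 up.
classify_display() {
    local d host rest num
    d=$1
    case $d in
        *:*) ;;
        *) echo "invalid"; return 1 ;;
    esac
    host=${d%:*}      # text before the last colon
    rest=${d##*:}     # display[.screen]
    num=${rest%%.*}   # drop the optional screen number
    case $num in
        ''|*[!0-9]*) echo "invalid"; return 1 ;;
    esac
    # Strip leading zeros so the arithmetic is never read as octal.
    while [ "${#num}" -gt 1 ] && [ "${num#0}" != "$num" ]; do
        num=${num#0}
    done
    case $host in
        ''|unix|/*)
            # No host part: the client uses a local Unix-domain socket.
            echo "local-socket" ;;
        localhost|127.0.0.1|::1)
            if [ "$num" -ge 10 ]; then
                # Loopback display at or above the sshd offset: consistent
                # with an ssh X11 forwarding proxy carrying X inside ssh.
                echo "loopback-proxy port=$((6000 + num))"
            else
                echo "loopback-tcp port=$((6000 + num))"
            fi ;;
        *)
            # Named remote host: the client opens its own TCP connection,
            # and the X11 protocol adds no encryption on that connection.
            echo "direct-tcp host=$host port=$((6000 + num))" ;;
    esac
}

# Constructed sample values; the first is the one set in the message.
for d in 123.45.67.89:0.0 localhost:10.0 :0; do
    printf '%-20s %s\n' "$d" "$(classify_display "$d")"
done
```

The port reported for a direct-tcp result is the one to look for in a packet capture or firewall rule when checking which path the X traffic takes.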