Sorry for an off topic post, but a lot of you folks are sysadmins here or there, and just might have a suggestion... ;-) I have a WinXP machine that is to be unattended for a period of 3 years (yes, I know, it sounds ridiculous, but still...). What I need is remote access to it to perform regular system maintenance, virus cleanups, occasional software installations, reboots, config changes, etc. Of course, rdesktop would do it, or vnc server or something else. The problem is that this machine is behind a NAT, and I cannot access it remotely from outside (and I need access from whereever on the planet I may happen to be). Basically, I need to setup some type of ssh tunnelling from XP (machine A) to my static-IP-24/7-high-bandwidth-CentOS server (machine B) and then further to my laptop (machine C, Fedora 10) located elsewhere (possibly behind another NAT, I can't know in advance). I have root access for all three machines (A, B and C). Of course, all three are on different LANs. However, I have never done anything like this before, so I wonder what is the best method of creating such a setup? One of my ideas was to make some script on A which would connect to B once every 15 minutes or so, look for a flagfile, and if present, initiate connection with C directly or through B if necessary. That means, if I want access from C to A, I ssh from C to B and create a flagfile, wait 15 minutes or so, and a rdesktop (or vnc or other) appears on my laptop. In theory. Or is there some other XP-tool that might do what I want out of the box? However, it need be absolutely automatic, there will be nobody around to do anything locally on A once I leave it. Another idea I had was to have machine A running as a virtual machine on a CentOS host (vmware or such would suffice). Then I could easily configure the above A-to-B-to-C scenario, shutdown the virtual A, pull its hard disk file to C, start it locally, perform maintenance, push it back to host A and run it again as a vm. But this is highly complicated, takes too much time and bandwidth, so I hope something simpler is available. Yet another idea is to ask A's ISP to provide a static IP for that machine, or to forward some available port to A, which could be used by rdesktop in some customized fashion. But the ISP may refuse such requests, and I need a robust solution. Yet even another idea is to put another CentOS machine (D) between A and A's ISP (create a local LAN). Then initiate ssh -X connection from C to D (somehow, via flagfile scenario or such), and then rdesktop from D to A over a local LAN. The main problem is NAT, if machine A had a world-accessible IP, I would just rdesktop from C to A, but alas, it doesn't... :-( Any suggestions about the best way of doing this? Thanks, :-) Marko