Routers are essential to the operation of the Internet and to the
networks that connect to them. For most Internet activity, like
web-browsing and emailing, you don't need to worry about them at
all. But for a remote-control application like VNC, it's important
to have a basic understanding of what they do.

A router (doesn't matter whether it's a "software based" router like 
the ICS program for Windows, or a "hardware based" router like a
LinkSys or NetGear box) simply acts as a "translator" between one
network and another. These two networks (e.g., a LAN and the Internet)
can be distinguished by the IP address range each side uses. When a 
device on one side of the router needs to exchange data with a device 
on the other side of the router, the router automatically performs a 
real-time translation back-and-forth between two IP address. 

So if you have a PC on a LAN, think of it as having both an "internal" 
IP address as well as an "external" one that your router conceals from
you. When data moves around just within your LAN, it uses just the 
internal IP addresses. But if you want someone from across the Internet 
to exchange data with one of your PC's (e.g., you want to let someone 
connect a VNC Viewer to one of your VNC Servers), they need to contact 
you using your "external" IP address, not your internal one.

There are whole ranges of IP address that are specified to be "internal 
only"; the 192.168.x.y range is the most common example. Many routers 
simply translate one external IP address to several internal IP addresses, 
so that many PC's can now share one Internet connection. In general, this 
is called "NAT"; in Windows it's called "ICS"; in Linux it often goes
by "IP Masquerading".

And while it's pretty easy to see what your internal IP address is (in
VNC, just put your mouse cursor over the VNC Server icon in the service
tray and it'll show you), figuring out your external one can be tricky.
Not only does your router translate that external IP address before you 
ever see it, but that external IP address technically "belongs" to your
ISP, and they could change it on you every 15 minutes if they wanted to. 

As many new VNC users experience, all of this makes it difficult to connect
to a VNC Server running on a PC that's behind a router. But...given the 
security risks of connecting a Windows PC directly to the Internet...this
"inconvenience" of a router is actually a pretty good feature. Mercifully,
connecting "out" from behind a router is fairly transparent -- once the
router is working, all Internet activity that's initiated from "behind" 
the router (e.g., web-browsing, checking email, etc.) should simply work.

To allow someone to connect to your VNC server that's behind a router, the
most direct way is to adjust the router's "port forwarding" settings. Every
router (software, hardware, doesn't matter), allows in some way to "forward"
or "map" a connection from the external side "across" the router into the
protected internal side. That is, you explicitly tell the router that any
connections arriving on (say) TCP-port 5900 on the external side should be 
forwarded to the PC on the inside at IP address 192.168.0.1.

Once you've setup this "port forwarding" for VNC (it uses TCP port 5900 for 
the data connection), you can test it out. Startup your VNC Server, and 
open a web-browser on that PC, and connect it to:

http://www.GoToMyVNC.com

That scan will show you what your external IP address is at that instant, 
and if it can connect, then a VNC Viewer can connect as well.