I doubt that it's easy to do hole punching with TCP or switch the process connected to a port.
Try this for a reverse proxy through the firewall:
http://www.dest-unreach.org/socat/doc/socat-gender.txt
This solutions relies on socat, a swiss-army-knife like network tool which can connect almost any two endpoints and is bidirectional, unlike netcat or the |-pipes in command processors. It should be available for Windows, too.
You can either use socat easily to forward a TCP connection, or in this case: Reverse the "gender" of it: You'll have two socats running, one on each side of the firewall. One continuously connects to the outside. On the outside, socat will wait for a connection from someone else. Only if he connects, the outside socat will accept a connection from the inside socat. Once the inside socat connects to the outside socat, it will connect to the SQL-server. Voila, you can connect from outside to the SQL-server inside, and from the point of the firewall and from the point of TCP the connection looked like it was actually from inside to outside.
To copy from the link:
1) Start the double client on the inside server
// every 10 seconds, it tries to establish a connection to the outside host.
// whenever it succeeds, it forks a sub process that connect to the internal
// service and starts to transfer data
$ socat -d -d -d -t5 tcp:outside-host:80,forever,intervall=10,fork tcp:localhost:80
2) Start double server on the outside client
// wait for a connection from a local client. whenever it accepted it, forks
// a subprocess that tries to bind to the socket where the inside double
// client tries to connect (might need to wait for a previous process to
// release the port)
$ socat -d -d -d tcp-l:80,reuseaddr,bind=127.0.0.1,fork tcp-l:80,bind=outside-host,reuseaddr,retry=10
You should not need to specify the port for a named instance (that's kind of the point of the name - and since it's dynamic you won't want to hard-code a port into your connection strings etc. unless you want to change your config files every time the port changes). Try connecting to:
123.123.123.123\SQLEXPRESS
Also make sure that your server is exposed to the Internet on that port (firewalls may be preventing this) and that the SQL Browser service is running.
PS Ping means nothing. You need to try to telnet
to the port that SQL Server is exposed on.
Best Answer
Be sure that the SQL Server IP address is listed in the IP Addresses page in TCP/IP protocol properties ( You can access it from SQL Server Configuration Manager )
Also be sure to restart SQL Server service after you do changes.