ad b) if you are talking about "port forwarding" you talk about NAT which is a form of firewall, and yes, this would be a way around this limitation.
a very simple and unreliable aproach would be to start udp and listen for command
see here for further information and general examples on esp side. The server side (registering device to know ip, sending command etc) is up to your imagination ...