2

Is there a way to use UPnP or something to automatically ask a router/firewall to redirect data coming from outside to a machine running Ubuntu?

Here's the deal, I'm supposed to prepare a certain number of machines, which will act as kiosks, and they will be sent overseas; those who receive them are supposed to just plug in the AC and LAN cable and nothing more. Now, I'm gonna need some ports open to control these machines (ssh), and I won't be there to configure their router. Whoever plugs them in is going to be totally incompetent and wants to just plug them in and be ready and working.

I could also reformulate the question like this: when I'm running the no-ip daemon on it, I want THAT machine to answer, and not the router.

Thank you very much for your patience.

ddrocks

1 Answer

1

Yes, this is exactly what UPnP was designed for: client devices requesting specific port forwarding from the Internet router. You cannot rely, however, on a router supporting and being correctly configured for UPnP (and if you happen to be supplying the router as well, just be sure to pre-configure it for your needs).

What you'll be looking for to accomplish this is a UPnP client for Ubuntu; commonly, Ubuntu is used as a UPnP server when acting as a router to the rest of the network (this greatly diminished the quality of my Google results on the topic). UPnP is, however, basically a discovery protocol plus a SOAP-based web service; I found a Python script for a basic SSDP (the discovery protocol) client/server you may be able to adapt, and the SOAP stuff should be easy enough if you have a head for that kind of thing. There are SOAP libraries available for most scripting languages.

You may also find the UPnP Specification (1.1 MB Adobe PDF) useful.

The only other solution I can think of is to have the kiosk initiate the connection; perhaps you could have an area of the kiosk app that allows staff at the location to initiate a maintenance connection, causing the kiosk to contact your server. If it were me, that button would probably initiate some sort of VPN connection (like OpenVPN or L2TP/IPSec) to your server, establishing the network level link that you can then use to connect to the server in whatever manner you see fit. (Enacting the option could even require entering a "support code", which is actually the just-changed VPN user password.) Riffs on this solution include the kiosk permanently establishing a VPN connection, or establishing it for pre-defined "maintenance" windows. If you choose the automated option, I strongly recommend disclosing the practice to your clients—they may not take kindly to the idea if they discover it later (I know I wouldn't!).

Calrion
  • If you decide to go the UPnP route, I suggest using a non-standard high port for the port-forward; this way, you'll not likely conflict with existing or future services at the same site. – Calrion Jan 29 '14 at 01:33
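
The two halves of the exchange described in the answer (SSDP discovery, then a SOAP call), sketched as an added example that is not part of the original answer or the script it mentions. It only builds and parses the messages; the service type `WANIPConnection:1`, the LAN address, port 22022 and the one-hour lease are assumptions, and the control URL the SOAP body is POSTed to must be read from the device description found at `LOCATION`.

```python
import ipaddress
from xml.sax.saxutils import escape

SSDP_ADDR = ("239.255.255.250", 1900)   # standard SSDP multicast group and port
IGD = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"
WANIP = "urn:schemas-upnp-org:service:WANIPConnection:1"   # assumed service type
# Constructed sample of a router's unicast reply (not captured from a real device).
SAMPLE_REPLY = (b"HTTP/1.1 200 OK\r\nST: " + IGD.encode() +
                b"\r\nLOCATION: http://192.168.1.1:5000/rootDesc.xml\r\n\r\n")

def build_msearch(mx=2):
    """SSDP discovery datagram, to be sent over UDP to SSDP_ADDR."""
    lines = ["M-SEARCH * HTTP/1.1", "HOST: %s:%d" % SSDP_ADDR,
             'MAN: "ssdp:discover"', "MX: %d" % mx, "ST: " + IGD, "", ""]
    return "\r\n".join(lines).encode("ascii")

def parse_ssdp_response(datagram):
    """Return the headers of an SSDP reply, with header names lower-cased."""
    status, *rest = datagram.decode("utf-8", "replace").split("\r\n")
    if not status.startswith("HTTP/1.1 200"):
        raise ValueError("not a successful SSDP response: %r" % status)
    headers = {}
    for line in rest:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def build_add_port_mapping(external_port, internal_port, internal_ip,
                           lease_seconds=3600, description="kiosk ssh"):
    """Return (http_headers, soap_body) for an AddPortMapping request."""
    if not 1024 <= external_port <= 65535 or not 1 <= internal_port <= 65535:
        raise ValueError("use a high external port and a valid internal port")
    if not ipaddress.ip_address(internal_ip).is_private:
        raise ValueError("internal client must not be a public address")
    args = [("NewRemoteHost", ""), ("NewExternalPort", external_port),
            ("NewProtocol", "TCP"), ("NewInternalPort", internal_port),
            ("NewInternalClient", internal_ip), ("NewEnabled", 1),
            ("NewPortMappingDescription", description),
            ("NewLeaseDuration", lease_seconds)]  # finite lease: mapping expires
    fields = "".join("<%s>%s</%s>" % (k, escape(str(v)), k) for k, v in args)
    body = ('<?xml version="1.0"?>'
            '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
            's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
            '<s:Body><u:AddPortMapping xmlns:u="%s">%s</u:AddPortMapping>'
            '</s:Body></s:Envelope>' % (WANIP, fields))
    headers = {"Content-Type": 'text/xml; charset="utf-8"',
               "SOAPAction": '"%s#AddPortMapping"' % WANIP}
    return headers, body
```

Some routers expose `WANPPPConnection` instead of `WANIPConnection`, and many ship with UPnP disabled, so the kiosk still needs the outbound-connection fallback the answer describes.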