jsha closed this 9 years ago
Another useful reference: https://en.wikipedia.org/wiki/Network_address_translation
Firewalls can easily do more harm than good, and if your hypothesis is correct this would be a strong example of that. I think it's important to be clear about what they're supposed to be preventing (such as external access to a known-vulnerable interface) and limit them to specific purposes.
The more general problem of NAT traversal is listed and discussed in #222. Combining this with #222 and closing.
UDP hole punching is a NAT / firewall technique that allows P2P VoIP applications like Subrosa.io without pushing all traffic through a server. I think our current firewall rules may prevent it, but I think we should probably allow it.
https://en.wikipedia.org/wiki/UDP_hole_punching
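
An added illustration, not part of the issue thread and not the project's firewall rules: a simplified Python model of why UDP hole punching depends on a stateful "allow replies to flows opened from inside" rule. The `StatefulUdpFilter` class, the `hole_punch` helper and the sample addresses are assumptions made for this example; address translation and the rendezvous server are not modelled.

```python
# Simplified model (an assumption, not any real project's firewall rules):
# each peer sits behind a filter that allows all outbound UDP and allows
# inbound UDP only when it matches a flow the peer itself opened.

class StatefulUdpFilter:
    def __init__(self, allow_established=True):
        self.allow_established = allow_established
        self.flows = set()  # (local_addr, remote_addr) pairs opened from inside

    def outbound(self, local, remote):
        """Record the flow and let the datagram leave."""
        self.flows.add((local, remote))
        return True

    def inbound(self, remote, local):
        """Accept only datagrams that answer a flow opened from inside."""
        return self.allow_established and (local, remote) in self.flows


def send(src_fw, src, dst_fw, dst):
    """Pass one datagram src -> dst through the sender's and receiver's filters."""
    return src_fw.outbound(src, dst) and dst_fw.inbound(src, dst)


def hole_punch(fw_a, fw_b):
    """Peers already know each other's address (rendezvous step not modelled)
    and send to each other. Returns (direction, delivered) for each datagram."""
    a = ("198.51.100.10", 40000)  # constructed sample addresses
    b = ("203.0.113.20", 50000)
    return [
        ("A->B", send(fw_a, a, fw_b, b)),  # dropped: B has no state for A yet
        ("B->A", send(fw_b, b, fw_a, a)),  # delivered: A opened this flow
        ("A->B", send(fw_a, a, fw_b, b)),  # delivered: B has now opened it too
    ]


def unsolicited_blocked():
    """A datagram from an address the peer never contacted is still dropped."""
    fw = StatefulUdpFilter()
    return not fw.inbound(("192.0.2.99", 1234), ("198.51.100.10", 40000))


if __name__ == "__main__":
    print("stateful rule:", hole_punch(StatefulUdpFilter(), StatefulUdpFilter()))
    print("no established rule:",
          hole_punch(StatefulUdpFilter(False), StatefulUdpFilter(False)))
    print("unsolicited inbound blocked:", unsolicited_blocked())
```

In this model the hole only opens toward an address the inside host has already sent to, so permitting it does not expose the host to unsolicited inbound UDP.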