
Bypassing a Firewall by using a 3rd party to establish the connection

I am working on a program that needs to be able to handle firewalls eloquently while allowing direct communication between 2 clients.

I am thinking of something similar to Skype where the third party is used to establish the connection between two users, but none of the actual data is sent to the third party once the connection is established.

I understand that pretty much all firewalls block all unsolicited incoming traffic, but it is pretty easy to be able to have a program establish a connection as long as the internal program was the first to communicate out. What I don't understand is how a connection is able to be established between the two clients directly.

How can I implement something like this? Is there any proper terminology for what this technique is called? One client has to be written in Java, but the server and other client can be in pretty much any language I want.

I apologize in advance if this question has already been asked. I tried looking around, but I feel like I may not be using the correct keywords to find it.


I think the terminology you're looking for is "NAT traversal". It's less about firewalls, and more about overcoming the difficulty of reaching a particular node on the other (private) side of a NAT device (like a cable modem, for example, where the LAN side is usually assigned some non-routable address range like 192.168.*.*).

One technique that might work for you is UDP hole punching. Each endpoint can establish outgoing connections to a third-party server, and the NAT device at each endpoint will open up ports to allow return traffic through the firewall and route it to the appropriate LAN node on each side. The endpoints exchange port information through the third party server, then re-use the "holes" they just "punched" through the NAT devices to communicate directly with one another from that point onward.
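The hole-punching exchange described above, as an added example that is not part of the original answers: a rendezvous server and two peers run over loopback UDP, which is an assumption standing in for two NAT devices. The names `rendezvous`, `peer` and the server-issued session token are illustrative; each peer accepts direct datagrams only from the introduced endpoint and only when they carry that token.

```python
import hmac, json, secrets, socket
from concurrent.futures import ThreadPoolExecutor

def udp_socket():
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))  # loopback stands in for both NATs (constructed setup)
    s.settimeout(3)
    return s

def recv_from(sock, expected):
    while True:
        data, addr = sock.recvfrom(2048)
        if addr == expected:  # drop datagrams from any other source
            return data

def rendezvous(sock):  # third party: pairs two peers by their observed source address
    seen = {}
    while len(seen) < 2:
        name, addr = sock.recvfrom(2048)
        seen[name] = addr  # behind a real NAT this is the public mapping
    token = secrets.token_hex(16)  # per-session secret, stand-in for a real handshake
    a, b = seen.values()
    for me, other in ((a, b), (b, a)):
        sock.sendto(json.dumps({"peer": other, "token": token}).encode(), me)

def peer(sock, name, server):
    sock.sendto(name.encode(), server)  # outbound packet opens the NAT mapping
    info = json.loads(recv_from(sock, server))
    other, token = tuple(info["peer"]), info["token"].encode()
    hello = token + b":hello from " + name.encode()
    sock.settimeout(0.2)
    for _ in range(20):  # retry: early packets can arrive before the far hole exists
        sock.sendto(hello, other)
        try:
            got, _, msg = recv_from(sock, other).partition(b":")
        except socket.timeout:
            continue
        if hmac.compare_digest(got, token):  # only accept the introduced peer
            sock.sendto(hello, other)  # one more, so the other side completes too
            return msg.decode()

def run_demo():
    srv, a, b = udp_socket(), udp_socket(), udp_socket()
    with ThreadPoolExecutor(3) as pool:
        pool.submit(rendezvous, srv)
        fa = pool.submit(peer, a, "alice", srv.getsockname())
        fb = pool.submit(peer, b, "bob", srv.getsockname())
        results = {"alice": fa.result(), "bob": fb.result()}
    for s in (srv, a, b): s.close()
    return results
```

After the introduction the server carries no further traffic. On a real network a symmetric NAT assigns a different mapping per destination, so the address the server observed may not be reachable by the peer, and the cleartext token would be replaced by an encrypted handshake such as DTLS.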


Exactly like Jim says, it's Traversal NAT, or STUN. There is a Java implementation; the project is no longer maintained, but you could use it to study.

http://nutss.gforge.cis.cornell.edu/stunt.php


It depends on what you want!!

If you want that to work only ~85% of the time, you can use a STUN server! Here is a list of some free ones:

https://gist.github.com/zziuni/3741933

But for 100% you also need to implement a TURN server (relay server), and that is really expensive!! Because all your traffic will pass through your server and be relayed to the clients. You can see https://www.twilio.com/stun-turn to see how expensive it is. You can also deploy your own; the best for me is https://code.google.com/p/rfc5766-turn-server/

But this is just the tip of the iceberg!!!!!!!!!

Now you know how to exchange data between clients! BUT you have to use a signaling server to create the communication session, because when I wanna call you, you have to receive a notification saying that I'm trying to call you.

Then if we accept the call, we still need to exchange how we are going to talk! Why? Because maybe I can p2p but you cannot, so we have to use a relay server. The next step is saying what we are going to send; after all of that we start communicating normally...

Read about WebRTC to get a better view on the point.

I hope it helped.
