Message from the cloud to a machine behind NAT / Firewall

I want a cloud machine to send a message to a machine behind a corporate NAT / Firewall.

My idea is to install on the corporate machine a client which sends a long HTTP request to the cloud machine and when the cloud has a message it returns the response.

I thought I invented the wheel until I read about "http tunneling" (is this what I am doing?). I also read that some firewalls block non html traffic even if it is on http. So what is my chance to m开发者_高级运维ake it work?

I have also read that skype uses a more sophisticated machanism. Is it because my idea does not work or because their idea is faster?

I can compromise on speed now - which approach works and easy to implement?

I know you'd like to do it with TCP/HTTP, but the way I'd do it is use UDP to NAT 'hole punch', thus establishing a UDP channel, and then use UDP packets sent over that channel as the signaling mechanism...

These may (or may not) be useful or relevant:

http://en.wikipedia.org/wiki/STUN
http://en.wikipedia.org/wiki/Hole_punching
http://en.wikipedia.org/wiki/UDP_hole_punching
http://en.wikipedia.org/wiki/TCP_hole_punching

Also -- if you really have to use HTTP, you could simply issue a new HTTP request every X seconds...

HTTP Polling, if you will...

If they block non html on port 80, you could try port 443. Unless there is a SSL "man in the middle" proxy (unlikely), you'd be ok.

IIRC skype uses port hopping, so basically you'll need an algorithm to find an unfiltered (by brute force with intelligent guesses) port that you can connect to.