
On Wed, 2005-04-06 at 11:18 +0200, Antoine Pitrou wrote:
> But the real difference here between UDP and TCP, is that when you open an outbound TCP connection, incoming TCP traffic will only be allowed *for that connection*. Whereas if you send an outbound UDP message, *all incoming UDP traffic* towards the originating address/port will be enabled (at least on some NAT boxes).
> This makes it easy for P2P systems to exchange messages between two NATted clients without any proxying/tunnelling mechanism: you just have to "punch a hole" by sending sporadic outgoing UDP traffic from your UDP socket and then you can receive all UDP traffic coming to that socket. You can't do that with TCP.
You can't do that with NATted UDP, either. Quite many firewalls want all of (srcIP, srcPort, dstIP, dstPort) to match.
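The two NAT behaviours the thread disagrees about, modelled as an added example (not code from either poster): a lenient NAT that admits any inbound UDP to a port once the inside host has sent from it, versus a strict NAT that requires the full (srcIP, srcPort, dstIP, dstPort) tuple to match an earlier outbound flow. It also goes one step beyond the thread and shows that on the strict NAT the hole only opens toward a peer the inside host has itself sent to. The NAT model, port-preserving mapping and all addresses are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class UdpNat:
    """Toy NAT for one inside host. Port-preserving mapping: the public
    port equals the inside port. `strict` selects the filtering rule."""
    public_ip: str
    strict: bool                                 # True: all of (srcIP, srcPort, dstIP, dstPort) must match
    flows: dict = field(default_factory=dict)    # inside port -> set of remote (ip, port) it has sent to

    def outbound(self, pkt: Packet) -> Packet:
        """Record the flow and rewrite the source to the public address."""
        self.flows.setdefault(pkt.src_port, set()).add((pkt.dst_ip, pkt.dst_port))
        return Packet(self.public_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> bool:
        """True if the NAT forwards this packet to the inside host."""
        peers = self.flows.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or peers is None:
            return False                         # no mapping for that port: dropped
        if not self.strict:
            return True                          # lenient: any remote peer gets through
        return (pkt.src_ip, pkt.src_port) in peers   # strict: full 4-tuple must match

# Constructed addresses (RFC 5737 documentation ranges).
ALICE = ("192.168.1.10", 40000)      # NATted client
SERVER = ("198.51.100.5", 3478)      # rendezvous server both clients talk to
BOB = ("192.0.2.7", 50000)           # the other peer

def hole_punch(strict: bool, alice_sends_to_bob: bool = False) -> bool:
    """Alice sends to the server; Bob then sends an unsolicited packet to
    Alice's public port. Optionally Alice also sends one packet toward Bob
    first, as hole punching does once both sides have learned each other's
    public address via the server."""
    nat = UdpNat(public_ip="203.0.113.1", strict=strict)
    nat.outbound(Packet(*ALICE, *SERVER))
    if alice_sends_to_bob:
        nat.outbound(Packet(*ALICE, *BOB))
    return nat.inbound(Packet(*BOB, nat.public_ip, ALICE[1]))

if __name__ == "__main__":
    print("lenient NAT, server only:", hole_punch(False))        # True
    print("strict NAT, server only: ", hole_punch(True))         # False
    print("strict NAT, both punch:  ", hole_punch(True, True))   # True
```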