How Skype Gets Around Firewalls

I’ve recently come across an interesting article by Jürgen Schmidt on Heise Security describing how Skype establishes a direct call between two subscribers behind NAT (Network Address Translation) firewalls. NAT firewalls only allow connections to be initiated from the inside and reject packets that are not a response to a previously sent packet. In addition, some NAT firewalls map internal TCP and UDP port numbers to new values that are used externally. In theory, this prevents two computers that each sit behind a NAT firewall from establishing the direct connection a Skype call requires. Skype clients, however, are quite clever and use a number of different schemes to find the right port in the firewall of the other party. If the right port cannot be found, Skype clients use a fallback mechanism and communicate via a super node in the network, which bridges their media flows. For details, see this article.
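The NAT behaviour described above, as an added example that is not code from the Heise article or from Skype: a small Python simulation of two NAT firewalls, showing when a direct connection is accepted and when the clients have to fall back to a relay. The rendezvous server, the addresses and all class and function names are assumptions made for illustration, and only one simple scheme for learning the peer's port is modelled.

```python
# Constructed simulation of two NAT firewalls; nothing is sent on a real network.
SERVER = ("198.51.100.1", 3478)  # hypothetical rendezvous server (documentation address)

class Nat:
    """Stateful NAT: inbound traffic passes only if it answers an earlier outbound packet."""

    def __init__(self, public_ip, remaps_ports):
        self.public_ip = public_ip
        self.remaps_ports = remaps_ports
        self.next_port = 40000   # next external port handed out when remapping
        self.mappings = {}       # (internal_port, destination) -> external_port
        self.allowed = set()     # (external_port, remote) flows opened from inside

    def outbound(self, internal_port, remote):
        """Record an outgoing packet; return the (ip, port) the remote side sees."""
        # A remapping NAT allocates a fresh external port per destination;
        # a port-preserving NAT reuses the internal port for every destination.
        key = (internal_port, remote if self.remaps_ports else None)
        if key not in self.mappings:
            self.mappings[key] = self.next_port if self.remaps_ports else internal_port
            self.next_port += 1
        external_port = self.mappings[key]
        self.allowed.add((external_port, remote))
        return (self.public_ip, external_port)

    def inbound(self, external_port, remote):
        """True if a packet from `remote` to `external_port` is let through."""
        return (external_port, remote) in self.allowed

def connect(nat_a, nat_b, port_a=5000, port_b=6000):
    """Return 'direct' if both NATs accept the peer's packets, else 'relay'."""
    # 1. Each client contacts the server, which learns its external endpoint.
    seen_a = nat_a.outbound(port_a, SERVER)
    seen_b = nat_b.outbound(port_b, SERVER)
    # 2. Each client sends to the endpoint the server reported for the other.
    src_a = nat_a.outbound(port_a, seen_b)
    src_b = nat_b.outbound(port_b, seen_a)
    # 3. Each NAT checks the peer's packet against the flows opened in step 2.
    a_reaches_b = nat_b.inbound(seen_b[1], src_a)
    b_reaches_a = nat_a.inbound(seen_a[1], src_b)
    return "direct" if a_reaches_b and b_reaches_a else "relay"

if __name__ == "__main__":
    for remap in (False, True):
        a, b = Nat("192.0.2.10", remap), Nat("203.0.113.20", remap)
        print("remaps ports:", remap, "->", connect(a, b))
```

With port-preserving NATs the endpoint learned via the server is the one the peer actually sends from, so both firewalls see a matching flow; once a NAT remaps ports per destination, the learned port no longer matches and the simulation falls back to the relay.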

So what does this have to do with wireless? Well, Skype can be used over a 3G connection as well, and many operators use NAT and a private IP address space for their 3G subscribers.

In addition, as with firewalls, Skype seems to be quite flexible with regard to the available Internet connection and adapts nicely to a UMTS bearer, as shown in this presentation by Tobias Hoßfeld called "Skype over UMTS".