Connecting Users through a Firewall
If you use a firewall to keep your network secure from intruders, you can configure your firewall and the server software so that end users outside of the firewall can connect the client to the server software. Your firewall can use NAT (Network Address Translation), but it isn't required.
The typical scenario for connecting end users through a firewall that uses NAT is as follows:
- The end user connects the client application to the server software using the masqueraded IP (the IP address that NAT presents to the outside world) and the server’s port number. For example, the end user connects with IP 10.10.10.2 and port number 3016.
- The firewall allows the connection because it has been configured to accept connections from the masqueraded IP.
- The firewall redirects the masqueraded IP to the server’s real internal IP. It allows the connection because the port (for example, 3016) is enabled on the firewall.
- The server spawns a process for the end user’s client connection and assigns it a port number from the list in the system environment variable STATISTICS_CLIENT_PORTS. For example, the process communicates through port 3287.
- The firewall allows the communication through that port (for example, 3287) because it is enabled on the firewall.
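The steps above only work if the firewall enables the server port and every port listed in STATISTICS_CLIENT_PORTS, and nothing beyond that needs to be open. The following check is an added example, not part of the product documentation; it assumes the variable holds space-separated port numbers, and the function names and the firewall port list are hypothetical.

```python
import os


def parse_ports(value):
    """Parse a space-separated port list (assumed format of STATISTICS_CLIENT_PORTS)."""
    ports = set()
    for token in value.split():
        # Reject separators such as commas, signs, and out-of-range numbers.
        if not (token.isascii() and token.isdigit()) or not 1 <= int(token) <= 65535:
            raise ValueError(f"invalid port entry: {token!r}")
        ports.add(int(token))
    if not ports:
        # An empty list gives nothing to match against the firewall rules.
        raise ValueError("no client ports defined")
    return ports


def audit_firewall(server_port, client_ports_value, firewall_open_ports):
    """Compare the ports the server needs with the ports the firewall enables.

    missing: needed but not enabled, so the client connection is blocked
    excess:  enabled but not needed, so they can be closed
    """
    needed = {server_port} | parse_ports(client_ports_value)
    opened = set(firewall_open_ports)
    return {
        "missing": sorted(needed - opened),
        "excess": sorted(opened - needed),
    }


if __name__ == "__main__":
    # Constructed sample values; 3016 and 3287 are the page's example ports.
    client_ports = os.environ.get("STATISTICS_CLIENT_PORTS", "3287 3288 3289")
    firewall_open = [3016, 3287, 3288, 8080]  # hypothetical firewall rule export
    result = audit_firewall(3016, client_ports, firewall_open)
    print("Not enabled on firewall:", result["missing"])
    print("Enabled but not needed: ", result["excess"])
```

Run it on the server so that it reads the same STATISTICS_CLIENT_PORTS value the server process sees, and replace the sample firewall list with the ports your firewall actually enables.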