Firewalls and NAT
A peer behind a firewall can send a message directly to a peer outside a firewall, but a peer outside the firewall cannot
establish a direct connection with a peer behind the firewall. The same is true for peers which are behind a NAT
device.
In order for JXTA peers to communicate with each other across a firewall, the following conditions must exist:
• At least one peer in the peer group inside the firewall must be aware of at least one peer outside of the
  firewall.
• The peer inside and the peer outside the firewall must be aware of each other and must support a
  common transport (HTTP or TCP).
• The firewall, at the very least, has to allow outbound HTTP or TCP connections.
Figure 4-3 depicts a typical message routing scenario through a firewall. In this scenario, JXTA Peers A and B
want to pass a message, but the firewall prevents them from communicating directly. JXTA Peer A first makes a
connection to Peer C using a protocol such as HTTP that can penetrate the firewall. Peer C then makes a
connection to Peer B using a protocol such as TCP/IP. A virtual connection is now made between Peers
A and B.
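
The three conditions and the relayed route can be modelled as a reachability check. This is an added example, not code from the JXTA project and not the JXTA API: the Peer class, the function names, each peer's transport set and the HTTP-only egress policy are constructed assumptions, and any firewalled peer is treated as unable to accept inbound connections.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Peer:                                # hypothetical model, not a JXTA type
    name: str
    transports: frozenset                  # subset of {"HTTP", "TCP"}
    behind_firewall: bool = False
    knows: frozenset = frozenset()         # names of peers this peer is aware of

def open_transport(src, dst, egress):
    """Transport src can use to open a connection to dst, or None."""
    if dst.name not in src.knows:
        return None                        # condition 1: src must be aware of dst
    if dst.behind_firewall:
        return None                        # inbound connections are blocked
    common = src.transports & dst.transports   # condition 2: common transport
    if src.behind_firewall:
        common &= egress                   # condition 3: outbound must be allowed
    return min(common) if common else None

def link(a, b, egress):
    """(initiator, responder, transport) if either end can open the connection."""
    t = open_transport(a, b, egress)
    if t:
        return (a.name, b.name, t)
    t = open_transport(b, a, egress)
    return (b.name, a.name, t) if t else None

def find_route(src, dst, peers, egress):
    """Direct link if possible, otherwise one hop through a peer outside the firewall."""
    direct = link(src, dst, egress)
    if direct:
        return [direct]
    for relay in peers:
        if relay in (src, dst) or relay.behind_firewall:
            continue
        first, second = link(src, relay, egress), link(relay, dst, egress)
        if first and second:
            return [first, second]
    return None

# Constructed sample mirroring the scenario: A is firewalled, C relays to B.
A = Peer("A", frozenset({"HTTP"}), True, frozenset({"B", "C"}))
B = Peer("B", frozenset({"TCP"}), False, frozenset({"C"}))
C = Peer("C", frozenset({"HTTP", "TCP"}), False, frozenset({"A", "B"}))
EGRESS = frozenset({"HTTP"})               # firewall permits outbound HTTP only

if __name__ == "__main__":
    print(find_route(A, B, [A, B, C], EGRESS))
```

Removing HTTP from the egress policy, or removing C from the set of peers A is aware of, leaves no route, which is the effect of violating the third or first condition.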