In fact, this problem is very simple. Although the QQ client is in the LAN, but when you open QQ to log in to the QQ server, through the firewall, your client has established a long connection with the QQ server. You can use NetStat -a to see the status of this connection is ESTABLISH.
At this point, the connection to the connection seen in the QQ server is the external IP of your local domain firewall. for example:
QQ server IP: 202.96.170.175 service port: 3333
Your machine is in the LAN IP: 192.168.0.10 Your LAN Exit Firewall Internetip: 202.106.10.100
Your client's request will go out through the firewall. If the firewall does not disable access to the 3333 port service on the Internet, your QQ client can work normally. What you see is (Netstat -a)
192.168.0.10:4817 202.96.170.175:3333 ESTABLISH
This is an illusion. The connection seen through the QQ server is: 202.96.170.175: 3333 202.106.10.100:31234 Establish
In this way, the 31234 port on the firewall is 4817 ports of your machine. (Because you are the initiator, this number is changed. Dynamic) When there is information to you, the QQ server only needs to send 31234 mouthfuls of the firewall. (Here the firewall is address translation)
So, you have to test the interpretation of the two LAN unless you can use the server IP and port through your local network, you can't succeed!
