So Skype and other p2p type applications often work by what is called hole punching (see simple guide here) to get two clients connected to each other that are both behind firewalls which block incoming connections.
UPnP is also used to get around the user manually having to forward ports. How exactly is it different to the kind of hole punching described above? I assume it must operate differently as most routers have the setting to turn it on/off, whereas I see no way one could stop the above type of UDP hole punching (aside from blocking outgoing connections and incoming established/related).
Second, if say Skype/BitTorrent can set up a direct connection between A-B with hole punching, does that mean it doesn't need UPnP enabled on the router?
Best Answer
For UPnP to work, the router in question must support it. A device with UPnP basically asks the UPnP-enabled router to open a port and forward traffic to it. No party external to the LAN should be able to do this unless the LAN's router is horribly misconfigured or wide open to the world at large.
Hole punching takes advantage of UDP's connectionless nature:
Hole punching basically lets a party external to the LAN reach something listening behind a NAT with the help of an intermediary.
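A simplified model of the two mechanisms described in this answer, added here as an illustration and not part of the original post. The `Nat` class, the `hole_punch` helper and all addresses are constructed; the model assumes a NAT that reuses one public port per internal endpoint and admits inbound datagrams only from remotes that endpoint has already sent to.

```python
# Added example: simplified model of a NAT router (all names and addresses are constructed).
class Nat:
    def __init__(self, public_ip, upnp_enabled=False):
        self.public_ip = public_ip
        self.upnp_enabled = upnp_enabled
        self.forwards = {}   # public port -> internal (ip, port), explicit UPnP rules
        self.sessions = {}   # public port -> (internal endpoint, set of remotes contacted)
        self.next_port = 40000

    def upnp_add_mapping(self, internal, public_port):
        """A LAN device asks the router to forward a port; refused when UPnP is off."""
        if not self.upnp_enabled:
            return False
        self.forwards[public_port] = internal
        return True

    def outbound(self, internal, remote):
        """An outgoing UDP datagram creates (or reuses) a mapping and records the remote."""
        for port, (inside, remotes) in self.sessions.items():
            if inside == internal:
                remotes.add(remote)
                return (self.public_ip, port)
        port = self.next_port
        self.next_port += 1
        self.sessions[port] = (internal, {remote})
        return (self.public_ip, port)

    def inbound(self, remote, public_port):
        """Return the internal endpoint that receives the datagram, or None if dropped."""
        if public_port in self.forwards:          # UPnP rule: any sender is accepted
            return self.forwards[public_port]
        session = self.sessions.get(public_port)
        if session and remote in session[1]:      # looks like a reply to earlier outbound traffic
            return session[0]
        return None

def hole_punch(nat_a, a, nat_b, b, server):
    """Both clients contact the intermediary, then send to each other's public endpoint."""
    pub_a = nat_a.outbound(a, server)    # intermediary learns A's public endpoint
    pub_b = nat_b.outbound(b, server)    # intermediary learns B's public endpoint
    nat_a.outbound(a, pub_b)             # A's first datagram opens A's side
    nat_b.outbound(b, pub_a)             # B's first datagram opens B's side
    return nat_a.inbound(pub_b, pub_a[1]), nat_b.inbound(pub_a, pub_b[1])
```

In this model the UPnP toggle only affects `upnp_add_mapping`; the session table that hole punching relies on is ordinary stateful handling of outbound UDP, so the only way to stop it is to restrict what leaves the LAN.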