> But this is what i dont get... How come i can run a
> file sharing program like bearshare or icq and ppl can
> send me messages or download songs from me?
>
> So somehow those applications are opening ports for
> traffic to come in... but i dont know why or how. Even
> where i work i cannot run a web server behind the
> firewall but i can run bearshare and i punches right
> thru the firewall to open up a port and where i work
> we have one anal firewall.

Actually when you run those you aren't opening anything up to the world.
What happens is that you are connected to a server somewhere and someone
wants to download something from your machine, it will first try and get it
directly, but will realize that you are behind a firewall, so it will send a
message back though the server system that its trying to get ahold of file
such and such and the server will tell your machine that you need to open a
connection to someone else and send them a file.
If both people are on fake networks then there is no way to directly
transfer the file, unless they completely bounce it though a server
somewhere.

With icq, the person on the other end probably got a message along the lines
of "Cannot establish a direct connection, send to server instead."  ICQ
works the same way,  all incoming messages get routed though the server that
you are already connected to.

You might notice that some things just plain dont work, depending on the
quality of the masquarading in the dsl model.  You might not be able to
receive incoming files or chats through ICQ.

Brian Cluff