An alternative, both easy and secure, might be that both of you set up a VPN between both of you. Your VPN will create a virtual interface, that basically doesn't need a a firewall, but it only accessible over your private network. What you and your friend (well, only the "server") needs to do, is open one port. I use openVPN for this, which is free and open source. And you can run this over obscure UDP ports.. so all portscanners will see, is -say- UDP port 38492 which is open.. and all traffic have to be encrypted and authenticated anyways. Hope this helps, it improved my gameplay :) www.code.ae