NAT: como o cliente-servidor pode funcionar?

O MSN usa o servidor central para enviar mensagens:

An MSN Messenger session involves a connection to a "notification server" (or "NS"), which provides a presence service. The notification server allows you to connect to "switchboard servers" ("SB"s) which provide an instant messaging service.

The switchboard handles instant messaging sessions between principals. In other words, each person in an MSN chat corresponds to a connection to a shared switchboard session. Being in two conversations at once means connecting to two switchboard servers at once. Directly connected conversations between principals are not used in MSN Messenger, and the switchboard acts as a proxy between you and those you are chatting with.

Você não pode enviar arquivos por trás do NAT.

You can receive files but not send them. Mapping the appropriate port (6891) will not improve the situation. The reason is that IP addresses are passed as data in the messages exchanged in setting up the direct, user-to-user file transfer connection. If you offer a file for download, the private address of your computer is sent to the receiver in the connection setup messages and the subsequent (inbound) connection attempt therefore fails. When receiving a file, the file transfer connection is outbound and hence, NAT poses no problems.

Há um servidor central envolvido: os dois clientes estão se comunicando com servidores MSN, que, em seguida, encaminham mensagens para os clientes que haviam se conectado inicialmente com o servidor anteriormente.

O NAT é apenas um problema quando um usuário deseja receber uma conexão, mas todos os clientes iniciam a conexão quando o sinal no servidor MSN está com suas contas, e essa conexão é mantida aberta e usada para encaminhar mensagens.