>> You could get around the port forwarding by having everyone run a program that redirects the traffic through a different port that isn't commonly firewalled by routers.
That is what I don't like. I want as less as possible extra programs, or we can not compete with GameRanger. NPS only requires the host to run an extra program. Also, the lobby game list must work (in short: when you host a game, your IP gets published to all others, therefore I must proxy it if I do NPS, this is what the proxy server in NPS does).
>> In theory you would use a packet sniffer to grab raw incoming packets from port X (unfirewalled) and then retransmit them to yourself, locally, to port Y (firewalled from outside, so won't block local retransmission). The same would be true for outgoing packets.
Yeah, this is how NPS then will work: Client A <----- Proxy Server ----> Firewall Server <-----> Client B (Host). Only the communication between Proxy and Firewall Server and Client A and Proxy server goes through different computers in different subnets.
>> The only delay would be how fast the program could grab and retransmit the packets, once for the host and once for the client.
I can program really high performant software, the program speed won't be actually the problem. The problem is the network latency. If we chose to put the server into europe, a ping from North America may take 150ms, a ping from South America maybe 200ms. Since Ping = time for echo going out and coming back, the ping of 2 players playing in America via NPS may be around 300 - 400 (in worst case, I hope). Some tests showed that EE will start to stop the game and show those slugs at 600ms latency. So there is a chance to try.
>> Obviously there's other problems from certain use cases that need to be considered during implementation but this wouldn't require a central server or a VPN tunnel.
Our tests with Hamachi + Lobby worked fine and fast (since Hamachi will create a true Peer to Peer connection). Problem is that everyone would have to run Hamachi (also guys that just want to join) and the host requires still to run a little extra tool. That's why I dont like it.