Many firewalls do behave this way, though. If your firewalls don't behave in such a friendly manner, then this won't work.
![what is teamviewer 9 what is teamviewer 9](https://news-cdn.softpedia.com/images/fitted/340x180/Wine-based-TeamViewer-9-for-Linux-Doesn-t-Need-Admin-Rights.jpg)
Specifically, this requires the firewalls to not change the public port of an outbound packet merely because its destination has changed the firewall must reuse the same public port as long as the source of the packet hasn't changed. If the firewalls are "P2P-friendly", this causes both firewalls (yours and the client's) to allow the traffic, thus "punching holes" in the firewall. The client also starts firing UDP packets at you. The client is signaled that you intend to connect and is given your IP. Your machine then begins firing UDP packets at the client. The main server then gives you the IP address of the client machine. When you hit connect your machine tells the main server its intention. The target machine (client) also has a TCP connection to the main TeamViewer Server. In order to pin hole your machine (viewer) has a TCP connection back to the main TeamViewer server. This can be locked down on enterprise grade devices, but in general 90% of the firewalls out there will allow return traffic. If they see an inbound packet that matches an outbound packet they will generally allow the packet through even without a specific rule being placed in the firewall's access list. Firewalls are designed to look for UDP packets and record the source and destination as well as the timestamp.
WHAT IS TEAMVIEWER 9 VERIFICATION
This means packets are fired off at their target with no verification (at the protocol level) that they were received or even reached the destination.
![what is teamviewer 9 what is teamviewer 9](http://1.bp.blogspot.com/-ZqqyAN3wjG8/UqBsooAJ0cI/AAAAAAAAQ2I/foGeRwAa63U/s320/teamviewer9-quicksupport-linux.jpg)
To elaborate on ewanm89's post, TeamViewer does use UDP pinholeing.