Dynamic Port Forwarding (DPF) is a firewall/NAT traversal solution that enables communications over firewall/NAT. It consists of an add-on to firewall/NAT and a communication library that is supposed to be linked with server applications running behind the firewall/NAT. DPF enables connections into networks behind firewall/NAT by dynamically opening/closing pinholes. Please read Basic idea and/or How DPF works for detail.
DPF is an application layer approach that requires no change to the Internet(Basic idea explains this further). Therefore, it can be used without any change to the kernel, router, name server, etc. It just requires a small add-on to the firewall/NAT. It supports both TCP and UDP communications. Working in between the application and socket system, DPF provides the same syntax and almost same semantics of Berkeley socket calls. See DPFnize for the semantics that are slightly changed. It is very easy to write (or change) your software to use DPF. Most cases, applications don't even need to be changed. You can make your legacy application without rewriting or relinking through an interpositon mechanism. DPFnize explains how to make your application DPF-enabled
Though its architecture is pretty general, the current version of DPF only supports firewall/NAT based on Linux netfilter. Please read System Requirements for detail and make sure that DPF supports your system and network setting without breaking any security requirement. If DPF is not a right system to use, then please check out our site that lists all the mechanisms we provide and see if you can find another system/solution that fits better to your situation and requirements.
It is essential to discuss the security impact of DPF because it enables communications that would be blocked otherwise and therefore may introduce new vulnerabilities to machines behind a firewall/NAT. You can find how secure DPF is at Security considerations