I would recommend that both you and your friend enable the following online ports on your router:
TCP: 80, 443, 9988, 20000-20100, 22990, 17502, 42127
UDP: 3659, 14000-14016, 22990-23006, 25200-25300
For specific instructions on how to open your ports, please visit http://www.portforward.com/ or contact your router manufacturer.
seems to be some buggy netcode
my friend and I were able to work around this by disabling the network interface in windows, and re-enabling it. (On the machine hosting the server)
I think it may use UPnP since this "trick" seems to get things working. In which case you only need to make sure UPnP is enabled on your firewall, and you wouldn't need to set up the ports.
"NAT" is network address translation. You have to specify source and destination addresses to be translated, so a shotgun blast of ports to "open" doesn't really help anyone configure anything. You could just blindly forward all of those ports through your firewall, and point them at one of your internal machines, but that's REALLY dumb. Especially when you are throwing in 80 and 443 in to the mix.
My firewall is not even registering my friends IP address, and the EA posts listing the ports needed don't specify incoming or outgoing. I suspect 80/443 are outgoing ports, the rest are a crapshoot. You probably only *need* one or two ports really, those ranges they are listing are likely just that, a range. I don't know what IP to expect since it's apparantly not coming directly from my friend, but must be getting routed through EA or something.
My firewall gets thousands of attempted port connections a second, so it's difficult to say which traffic is specifically related to this game, and since I can't filter on a specific port, and I can't filter based on IP address, it's difficult to narrow down what's actually going on.
I say boo to the implementation. But, try disabling and re-enabling your network adapter in windows (on the host), and see if that helps you connect.
