NAT/Firewalls are a bitch. I'm not a Flash expert, but as far as I know it can only open TCP connections, and only to specially set up servers (which respond positively to a policy request on a certain port). Punching holes in firewalls is pretty much a UDP-only thing in practice; Skype is one of the few apps that truly pull it off, and even that's not 100% reliable.
You could in theory do it with a signed Java applet, though it will ask the user for permission for access to his entire computer, and it's not something you'd throw together in a few weeks.
It looks like Flash 10.1 added something built in to do the UDP-firewall-punching and connection setup for peer-to-peer video between Flash clients: http://labs.adobe.com/technologies/stratus/
No idea if that's what he's using or he rolled his own. Using Stratus seems like the most obvious option, but it looks like it's limited beta only, and the beta EULA prohibits commercial use, so if he's using it, it's unofficially.
