Torrent clients usually support an extension that facilitates relaying "hole-punch" messages for other peers. Combined with peer-exchange, which allows you to know the connections of your connections, your client can hole-punch with other clients that share a common connection to serve as a relay.
Peer A is already connected to Peer B
Peer B is already connected to Peer C
When Peer A wants to connect to Peer C, it sends a message to Peer B, who relays it to Peer C, with Peer A's IP and Port
While Peer A is sending UDP connection initiation packets to Peer C, Peer C is also sending UDP connection initiation packets to Peer A. The NAT on both sides will then have a mapping for the replies that usually stays active as long as there are packets exchanged at least once every 30+ seconds.
During this connection setup, a few initial packets may be lost depending on the timing of things, but retries are sent and eventually both ends have an opening in their firewalls for each other.
Here's a link that may help with these concepts (I don't have time to really explain in full detail):
The actual extension message that torrent clients use is called "ut_holepunch", but that's just the method to relay the hole-punch setup message. You could try a web search for that extension for details.
BTW this only works for UDP, it is not usually worth it to try hole-punching TCP because it is much more complicated and rarely works.