A. When creating trust relationships communications between the two
domains is carried out over a number of protocols with each protocol using
different TCP/IP port. Below is a list of ports which need to be enabled on the
firewall for a trust relationship:
- PORT 135 (TCP or UDP) for Remote Procedure Call(RPC)Service
- PORT 137 (UDP) for NetBIOS Name Service
- PORT 138 (UDP) for NetBIOS datagram (Browsing)
- PORT 139 (TCP) for NetBIOS session (NET USE)
- ALL PORTS above 1024 for RPC Communication
You may use LMHOSTS for name resolution (which would have #pre #dom entries
for the domain controllers) or WINS can be used which requires:
- PORT 53 (TCP and UDP) for DNS
- PORT 42 (TCP and UDP) for WINS Replication
Alternatively, a trust can be established through point-to-point tunneling protocol (PPTP). For PPTP, the following ports must be enabled:
- PORT (TCP) 1723 for PPTP
- IP PROTOCOL 47 (GRE)
If you only wish to perform management through a firewall and/or RRAS you can
only allow TCP any-139, TCP 139-any and UPD 138-138 through the firewall. Also
allow UDP 137-137 to the WINS Servers. This allows all the remote management
tools to run from the management NT Workstations.
Also see the following knowledge base articles:
- Q167128
SMS: Network Ports Used by Remote Helpdesk Functions
- Q174395
Event ID 4202 Attempting WINS Replication across Router