How to Configure a Firewall for Windows NT and Trusts

ID: Q179442


The information in this article applies to:


SUMMARY

To establish a domain trust relationship across a firewall, the following ports must be enabled:

PORT 135 (TCP or UDP) for Remote Procedure Call (RPC) Service
PORT 137 (UDP) for NetBIOS Name Service
PORT 138 (UDP) for NetBIOS datagram (Browsing)
PORT 139 (TCP) for NetBIOS session (NET USE)
ALL PORTS above 1024 for RPC Communication

Name resolution can be provided through an LMHOSTS file. For additional information on browsing with LMHOSTS, please see the following article in the Microsoft Knowledge Base:

ARTICLE-ID: Q150800
TITLE     : Domain Browsing with TCP/IP and LMHOSTS Files

If name resolution requires DNS and WINS to replicate, the following ports must be open:

PORT 53 (TCP and UDP) for DNS
PORT 42 (TCP and UDP) for WINS Replication

Alternatively, a trust can be established through Point-to-Point Tunneling Protocol (PPTP). For PPTP, the following ports must be enabled:


   PORT 1723 (TCP) for PPTP
   IP PROTOCOL 47 (GRE) 
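
The following added example (not part of the original article) audits a list of firewall allow rules against the ports listed above and reports which required ranges are still blocked. The rule format, the profile names and the sample rules are constructed for illustration; "TCP or UDP" and "all ports above 1024" are assumed to mean both protocols.

```python
# Added example, not from the KB article: audit firewall allow rules against
# the ports the article lists. Rule format and sample rules are constructed.

# (protocol, low port, high port); GRE is IP protocol 47 and has no ports.
# Assumption: "TCP or UDP" and "all ports above 1024" mean both protocols.
REQUIRED = {
    "trust": [("tcp", 135, 135), ("udp", 135, 135), ("udp", 137, 137),
              ("udp", 138, 138), ("tcp", 139, 139),
              ("tcp", 1025, 65535), ("udp", 1025, 65535)],
    "dns_wins": [("tcp", 53, 53), ("udp", 53, 53), ("tcp", 42, 42), ("udp", 42, 42)],
    "pptp": [("tcp", 1723, 1723), ("gre", 0, 0)],
}

def uncovered(need, allow_rules):
    """Return the sub-ranges of one required range that no allow rule covers."""
    proto, lo, hi = need
    gaps, cursor = [], lo
    spans = sorted((a, b) for p, a, b in allow_rules if p == proto)
    for a, b in spans:
        if b < cursor or a > hi:
            continue                      # rule lies outside what is still needed
        if a > cursor:
            gaps.append((proto, cursor, a - 1))
        cursor = max(cursor, b + 1)
    if cursor <= hi:
        gaps.append((proto, cursor, hi))
    return gaps

def audit(profile, allow_rules):
    """All required ranges in a profile that the rule set still blocks."""
    return [gap for need in REQUIRED[profile] for gap in uncovered(need, allow_rules)]

def opened_ports(profile):
    """Number of TCP/UDP ports a profile requires open (GRE is not counted)."""
    return sum(hi - lo + 1 for p, lo, hi in REQUIRED[profile] if p != "gre")

# Constructed sample rule set: NetBIOS session and the RPC endpoint mapper are
# allowed, but UDP 138 was forgotten, dynamic TCP ports are only partly opened,
# and GRE is not permitted for the PPTP alternative.
SAMPLE_RULES = [("tcp", 135, 139), ("udp", 135, 137), ("tcp", 1025, 5000),
                ("udp", 1025, 65535), ("tcp", 1723, 1723)]

if __name__ == "__main__":
    for profile in REQUIRED:
        print(profile, "blocked:", audit(profile, SAMPLE_RULES),
              "ports required:", opened_ports(profile))
```

Under the stated assumption, the direct trust profile requires 129,027 TCP/UDP ports to be open, while the PPTP profile requires one TCP port plus GRE, which is the difference in firewall exposure between the two options.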


MORE INFORMATION

In addition, administration applications (such as DHCP Manager and WINS Manager) typically use randomly assigned RPC ports.

For additional information, please see the following articles in the Microsoft Knowledge Base:

Q167128 SMS: Network Ports Used by Remote Helpdesk Functions
Q174395 Event ID 4202 Attempting WINS Replication across Router

A more complete listing of the ports used by various services can be found in the Winnt\System32\Drivers\Etc\Services file. This is a text file and can be viewed with Notepad.

Additional query words: tcpip


Keywords          : ntdomain NTSrv 
Version           : winnt:4.0
Platform          : winnt 
Issue type        : kbinfo 

Last Reviewed: March 25, 1999