.png?width=100&auto=webp&quality=80&disable=upscale "Picture of John Savill")
.png?width=400&auto=webp&quality=80&disable=upscale "John Savill")
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
How can I create a domain trust through a firewall?
John Savill
January 8, 2000
1 Min Read
A. When creating trust relationships communications between the twodomains is carried out over a number of protocols with each protocol usingdifferent TCP/IP port. Below is a list of ports which need to be enabled on thefirewall for a trust relationship:
PORT 135 (TCP or UDP) for Remote Procedure Call(RPC)Service
PORT 137 (UDP) for NetBIOS Name Service
PORT 138 (UDP) for NetBIOS datagram (Browsing)
PORT 139 (TCP) for NetBIOS session (NET USE)
ALL PORTS above 1024 for RPC Communication
You may use LMHOSTS for name resolution (which would have #pre #dom entriesfor the domain controllers) or WINS can be used which requires:
PORT 53 (TCP and UDP) for DNS
PORT 42 (TCP and UDP) for WINS Replication
Alternatively, a trust can be established through point-to-point tunneling protocol (PPTP). For PPTP, the following ports must be enabled:
PORT (TCP) 1723 for PPTP
IP PROTOCOL 47 (GRE)
If you only wish to perform management through a firewall and/or RRAS you canonly allow TCP any-139, TCP 139-any and UPD 138-138 through the firewall. Alsoallow UDP 137-137 to the WINS Servers. This allows all the remote managementtools to run from the management NT Workstations.
Also see the following knowledge base articles:
About the Author
You May Also Like
.png?width=700&auto=webp&quality=80&disable=upscale)