DTC runs over MSRPC/TCP (port 135, and an upper (>1024) application port).
For info on restricting the range of application ports, see
http://www.microsoft.com/com/wpaper/dcomfw.asp (DCOM relies on MSRPC for
most of its low-level comm stuff, so what's in the article applies to
dynamic port RPC apps).
Note: This port range has to be at least 10-15 ports wide, so that all
RPC/DCOM applications can get a port. If they fail to get a port, many of
them will fail in unpredictable, and sometimes ugly, ways (e.g. IIS, MS
Exchange).
-mike
> -----Original Message-----
> From: Watson, Peter [mailto:[EMAIL PROTECTED]]
> Sent: Friday, March 10, 2000 1:50 PM
> To: [EMAIL PROTECTED]
> Subject: Distributed Transaction Coordinator
>
>
>
> We have a firewall in place already. We have developed a new web
> application. The publicly accessible web servers are located on one
> secure segment. These web servers must talk to application servers and
> SQL systems on another segment on the firewall. This is where we are
> running into problems. If the systems are hooked into one hub the
> transactions work flawlessly. When the systems are split up onto the two
> secure segments the transactions do not go through. There are no dropped
> packets. Communication from one segment to another is by Microsoft's DTC
> (Distributed Transaction Coordinator) which will be using ODBC.
>
> I am suspecting that one of the Microsoft DTC components is not talking
> through layer 3 IP but on a layer 2 MAC address. Does anybody have any
> experience running the DTC components through a firewall? I am on the
> right track on hunting down the problem.
>
> Please add your two cents worth.
>
> Politically Correct Virus: Doesn't refer to itself as a virus- instead,
> refers to itself as an "electronic micro-organism." --- Mark Kaye
>
> Peter Watson
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
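Added example, not part of the original thread: one way to pin the dynamic RPC ports described in the reply so that a narrow firewall rule can cover DTC. The function name, the range 5000-5019 and the minimum width of 15 are assumptions for illustration. The registry values are the ones Microsoft documents for restricting RPC dynamic port allocation.

```powershell
# Added example: restrict dynamic RPC ports on a Windows server and list the
# firewall rules that the restricted configuration needs. Run elevated.
# Set-RpcPortRange is a hypothetical helper name; the port range is constructed.

function Set-RpcPortRange {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][ValidateRange(1025, 65535)][int]$First,
        [Parameter(Mandatory)][ValidateRange(1025, 65535)][int]$Last,
        [int]$MinimumWidth = 15   # the reply asks for at least 10-15 ports
    )

    # Refuse a range too narrow for every RPC/DCOM application to get a port.
    $width = $Last - $First + 1
    if ($width -lt $MinimumWidth) {
        throw "Range ${First}-${Last} has $width ports; need at least $MinimumWidth."
    }

    $key = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'
    if ($PSCmdlet.ShouldProcess($key, "Restrict RPC ports to ${First}-${Last}")) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # Ports is a multi-string list of single ports or ranges.
        New-ItemProperty -Path $key -Name Ports -PropertyType MultiString `
            -Value @("${First}-${Last}") -Force | Out-Null
        # 'Y' marks the listed ports as the ones RPC may hand out.
        New-ItemProperty -Path $key -Name PortsInternetAvailable `
            -PropertyType String -Value 'Y' -Force | Out-Null
        New-ItemProperty -Path $key -Name UseInternetPorts `
            -PropertyType String -Value 'Y' -Force | Out-Null
        Write-Warning 'Restart the server for the new RPC port range to take effect.'
    }

    # Rules the firewall between the two segments has to pass.
    [pscustomobject]@{ Protocol = 'TCP'; Ports = '135'; Purpose = 'RPC endpoint mapper' }
    [pscustomobject]@{ Protocol = 'TCP'; Ports = "${First}-${Last}"; Purpose = 'Dynamic RPC (DTC, DCOM)' }
}

# Dry run: -WhatIf shows the registry change without writing it.
Set-RpcPortRange -First 5000 -Last 5019 -WhatIf | Format-Table -AutoSize
```

Drop -WhatIf to apply the change; everything outside port 135 and the chosen range can then stay blocked between the segments.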