Willy S wrote:
> Hi,
>
> Is it possible to get transaction support between two ms-sql servers (ms-sql
> 8.0) on windows 2003 servers, on different nettworks with firewall between -
> and only one way traffic on specific ports allowed?
>
> Thanks, Willy

"lucm@iqato.com" wrote:
> Communication between servers is a two-way process. Out of the box most
> firewalls will allow this without opening any port, as long as the
> transaction initiator is inside the firewall. However the network
> administrator might specifically block all trafic on ports other than
> 80; this is a matter of security policy, not technology. In which case
> no SQL communication will work.
>
> If the transaction initiator is outside the firewall then a rule must
> be created to allow incoming traffic, and if the firewall is a proxy as
> well then some NAT must be done. This is a very unlikely scenario in
> most companies. If you go this way, then at least make sure your
> firewall rules are allowing incoming traffic only from trusted IPs, and
> think about doing some port forwarding because there is a huge amount
> of network scanners out there tuned to probe the SQL Server ports.
>
> In any of these scenarios of course you must enable the TCP/IP protocol
> and you must know on which port the service is running (default is
> 1433). If you have named instances and you want to connect with the
> name, you must also enable traffic on port 1434.

Willy S wrote:
> "lucm@iqato.com" wrote:

> To make this work we found that tcp port 1433 must be opened out (ok so far).
> But then port 135 must be opened in both directions,
> and altso some ports for RPC (wich ports can be set) - for example 5000:5100
> in both directions.
>
> This is not excepted by our security demands.
> Is there a way to make DTS work with ports opened only out?
> (With Start transaction, Commit or Rollback).
>
> - WS