Hi,
I have to deal with a firewall policy where they *insist* on only allowing communication to AND FROM specific ports across sites. This also includes the infamous DCOM port 135. Which is ironic, because I'm beginning to think this can't be done. (Which is probably the intention!)
I know that RPC can be configured to only use a certain port range (
But AIUI, this range only applies to the temporary server port that is created by the RPC port mapper on the destination machine. It does not apply to the ephemeral address range on the client machine. So the from port could still be any port in the ephemeral range.
A bodge (that might really break the client box) would be to set \HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPorts to a low value. (Shame there is no MinUserPorts setting)
And possibly reduce TcpTimesWaitDelay to 10 seconds or so, so ports get freed up quicker??
Lordy