I am looking at having to span an NT domain across multiple physical locations using a WAN. The WAN consists of T1s and T3s for our corporate backbone. The PDC will reside in one location, with every other location having a BDC. I need to be able to replicate WINS, map drives, share files, authenticate users ... all the usual stuff as it would work inside a LAN. However, I am faced with having to configure routers and firewalls.
Does anyone have experience doing this? I am looking at opening ports 42, 53, 135, 137, 138, and 139. Microsoft makes reference to all ports above 1024 needing to be open for RPC communication, but if I open up 137-139 and enable NetBIOS over TCP, will it work?
Probably. If the whole network is isolated from the internet then it should be fine. If your data transits the internet unencrypted at any point it would be a security problem.
2.6.3 What ports must I enable to let NBT (NetBIOS over TCP/IP) through my firewall?
First of all, you should really, really reconsider whether it is such a good idea to let NBT traffic through your firewall, especially if the firewall is between your internal network and the Internet.
The problem with NBT is that once you open it up through the firewall, people will have potential access to all NetBIOS services, not just a selection of them, such as printing.
The question is: how much file sharing and inter-segment communication do you NEED? Would it be possible to structure the network so that hosts communicate with file servers / intranet web servers in a DMZ area of each subnet?
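The thread's two points, that the listed ports must be open between the corporate sites and that exposing NBT to anything wider than those sites hands out every NetBIOS service at once, can be captured in a small allow-list policy. The following is an added example, not code from the original thread or from the FAQ quoted above; the site subnets and the sample addresses are constructed, and the per-port protocol table reflects the usual assignments (TCP 42 for WINS replication, UDP 137/138, TCP 139, TCP 135, TCP and UDP 53). It builds site-to-site rules for exactly the question's ports, evaluates sample packets against them with a default deny, flags any rule that would open an NBT port to an unrestricted source, and renders the rules as iptables FORWARD-chain commands for a Linux router.

```python
from ipaddress import ip_address, ip_network

# Ports from the question, with the services they carry in an NT domain.
NBT_PORTS = {
    42: "WINS replication",
    53: "DNS",
    135: "RPC endpoint mapper",
    137: "NetBIOS name service",
    138: "NetBIOS datagram service",
    139: "NetBIOS session service (SMB over NBT)",
}

# Transport protocol(s) each port uses (assumed standard assignments).
PORT_PROTO = {
    42: ("tcp",), 53: ("tcp", "udp"), 135: ("tcp",),
    137: ("udp",), 138: ("udp",), 139: ("tcp",),
}

# Constructed corporate WAN site subnets (not from the thread).
SITE_SUBNETS = ["10.1.0.0/16", "10.2.0.0/16", "10.3.0.0/16"]

ANY = ip_network("0.0.0.0/0")


def build_site_policy(site_subnets, ports):
    """Allow the given ports only between distinct corporate sites.

    Returns a list of (src_net, dst_net, port, action) tuples; anything not
    matched by a rule is denied by evaluate() below (default deny).
    """
    nets = [ip_network(s) for s in site_subnets]
    rules = []
    for src in nets:
        for dst in nets:
            if src == dst:
                continue  # intra-site traffic never crosses the WAN firewall
            for port in ports:
                rules.append((src, dst, port, "allow"))
    return rules


def evaluate(rules, src_ip, dst_ip, port):
    """First-match evaluation with an implicit final deny."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    for r_src, r_dst, r_port, action in rules:
        if src in r_src and dst in r_dst and port == r_port:
            return action
    return "deny"


def audit_rules(rules):
    """Flag rules that expose an NBT port to an unrestricted source.

    This is the FAQ's warning made mechanical: a 0.0.0.0/0 source on any of
    these ports exposes every NetBIOS service, not just the one intended.
    """
    findings = []
    for src, dst, port, action in rules:
        if action == "allow" and port in NBT_PORTS and src == ANY:
            findings.append(
                f"port {port} ({NBT_PORTS[port]}) allowed from ANY to {dst}"
            )
    return findings


def to_iptables(rules):
    """Render the rules as iptables FORWARD-chain commands (Linux router)."""
    lines = []
    for src, dst, port, action in rules:
        target = "ACCEPT" if action == "allow" else "DROP"
        for proto in PORT_PROTO.get(port, ("tcp",)):
            lines.append(
                f"iptables -A FORWARD -s {src} -d {dst} -p {proto} "
                f"--dport {port} -j {target}"
            )
    lines.append("iptables -P FORWARD DROP")  # default deny for everything else
    return lines


if __name__ == "__main__":
    policy = build_site_policy(SITE_SUBNETS, NBT_PORTS)
    for line in to_iptables(policy):
        print(line)
    print(evaluate(policy, "10.1.5.5", "10.2.7.7", 139))      # allow
    print(evaluate(policy, "203.0.113.10", "10.2.7.7", 139))  # deny
```

Run as a script it prints the generated iptables rules followed by two sample verdicts. The rule count grows with the square of the site count, so on a larger WAN the same policy is better expressed with an ipset or address group for "corporate sites", but the evaluation and audit logic are unchanged.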