Ports needed for domains
The following ports must be open in order to establish a domain trust or secure channel across a firewall. If there are hosts that have both client and server roles on both sides of the firewall, you might need to mirror these rules.
These lists were obtained from the Microsoft document How to Configure a Firewall for Domains and Trusts (Q179442) and have not been tested.
Ports that must be open
Client port(s): 1024-65535/TCP
Server port: 135/TCP
Service: RPC
There are specific requirements for RPC communications beyond what is listed here. For additional information about configuring RPC communication for a firewall, refer to the Microsoft article Configuring RPC Dynamic Port Allocation to Work With a Firewall.
Client port(s): 137/UDP
Server port: 137/UDP
Service: NetBIOS Name
Client port(s): 138/UDP
Server port: 138/UDP
Service: NetBIOS Netlogon and Browsing
Client port(s): 1024-65535/TCP
Server port: 139/TCP
Service: NetBIOS Session
Client port(s): 1024-65535/TCP
Server port: 42/TCP
Service: WINS Replication
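The following audit sketch is an added example, not part of the Microsoft document: it checks a firewall allow-rule set against the five flows listed above and, when hosts on both sides hold client and server roles, against the mirrored direction as well. The rule format, the "a->b" and "b->a" direction labels and the sample rules are constructed for illustration; a stateful firewall is assumed (only the client-to-server direction is modeled), and the additional RPC requirements noted above are not covered.

```python
# Required flows from the list above: (client port range, server port, protocol, service).
REQUIRED = [
    ((1024, 65535), 135, "tcp", "RPC"),
    ((137, 137), 137, "udp", "NetBIOS Name"),
    ((138, 138), 138, "udp", "NetBIOS Netlogon and Browsing"),
    ((1024, 65535), 139, "tcp", "NetBIOS Session"),
    ((1024, 65535), 42, "tcp", "WINS Replication"),
]

def covers(rule, direction, src, dst, proto):
    """True if one allow rule permits every source port in src to reach dst."""
    return (rule["dir"] == direction and rule["proto"] == proto
            and rule["src"][0] <= src[0] and src[1] <= rule["src"][1]
            and rule["dst"][0] <= dst <= rule["dst"][1])

def missing_flows(rules, mirrored=False):
    """Return (direction, service) pairs that no allow rule covers.

    Directions are hypothetical labels: "a->b" means clients on side A reach
    servers on side B. With mirrored=True the reverse direction is required too.
    """
    directions = ["a->b", "b->a"] if mirrored else ["a->b"]
    gaps = []
    for direction in directions:
        for src, dst, proto, service in REQUIRED:
            if not any(covers(r, direction, src, dst, proto) for r in rules):
                gaps.append((direction, service))
    return gaps

# Constructed sample rule set: one direction only, and the NetBIOS Session
# rule's client port range is narrower than the list requires.
SAMPLE_RULES = [
    {"dir": "a->b", "proto": "tcp", "src": (1024, 65535), "dst": (135, 135)},
    {"dir": "a->b", "proto": "udp", "src": (137, 138), "dst": (137, 138)},
    {"dir": "a->b", "proto": "tcp", "src": (1024, 5000), "dst": (139, 139)},
    {"dir": "a->b", "proto": "tcp", "src": (1024, 65535), "dst": (42, 42)},
]

if __name__ == "__main__":
    for direction, service in missing_flows(SAMPLE_RULES, mirrored=True):
        print(f"not allowed {direction}: {service}")
```

A rule whose client port range is only a subset of the required range is reported as a gap, since clients choosing a port outside it would fail intermittently.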
See