DCOM is not firewall-friendly
A common question about DCOM is: "Does it work across the Internet?" DCOM can work well across the Internet: configure it to use TCP or UDP, and configure the server to allow anonymous method calls by granting Everyone launch and access permissions. After all, the Internet is just a huge IP network. Paradoxically, if you take an existing DCOM application that works well on the company's internal network or intranet and change it to work across the Internet, it is very likely to fail miserably. What is the cause? The firewall.
DCOM and firewalls get along like oil and water. One reason is that COM's SCM uses port 135 to communicate with the SCMs on other machines. A firewall restricts the ports and protocols that can be used, and it may reject traffic through port 135. A bigger problem is that, to avoid conflicts with applications that use sockets, pipes, and other IPC mechanisms, DCOM does not use a fixed range of ports. On the contrary, it selects its ports at run time. By default, it can use any port from 1,024 to 65,535.
One way to let a DCOM application through is to open port 135 and ports 1,024-65,535 for the protocol that DCOM uses. (By default, that is UDP on Windows NT 4.0 and TCP on Windows 2000.) However, this is much better than removing all firewalls. In this regard, your company's IT personnel may wish.
A safer and more realistic solution is to limit the range of ports that DCOM uses and open only that small range to DCOM traffic. As a rule of thumb, you should allocate one port for each server process that exports connections to remote COM clients (not one port per interface pointer or one port per object, but one port per server process). Configuring DCOM to use TCP instead of UDP is also a good idea, especially when the server performs callbacks to its clients.
The protocols that DCOM uses for remote connections are configured through the registry. On Windows 2000 and Windows NT 4.0 Service Pack 4 or later, you can use DCOMCNFG to apply these configuration changes. The following steps configure DCOM to work through a firewall.
Figure 3 Select the protocol
1. On the server (the machine behind the firewall that hosts the remote objects), configure DCOM to use TCP as its selected protocol, as shown in Figure 3.
2. On the server, restrict the range of ports that DCOM will use. Remember to allocate at least one port for each server process. The example in Figure 4 limits DCOM to ports 8,192 to 8,195.
3. Open the ports you selected in step 2 so that TCP traffic on them can pass through the firewall. At the same time, open port 135.
Figure 4 Select the port
After you perform these steps, DCOM can work well across firewalls. If you prefer, SP4 and later also allow you to specify endpoints for individual COM servers. For more information, read Michael Nelson's excellent paper on DCOM and firewalls, which can be found on the MSDN Online site (see http://msdn.microsoft.com/library/en-us/dndcom/html/msdn_dcomfirewall.asp).
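The three steps above, written as registry and host-firewall settings in PowerShell. This is an added example, not part of the original article: the article does not name the registry values, so the ones used here are the standard RPC/DCOM values under HKLM\SOFTWARE\Microsoft\Rpc. The rule name and the client subnet 192.0.2.0/24 are assumed placeholders, and the port range is the one from Figure 4.

```powershell
# Added example: run elevated on the DCOM server, then restart the machine,
# because the RPC runtime reads these values at startup.
$ErrorActionPreference = 'Stop'

$portRange    = '8192-8195'        # range shown in Figure 4
$clientSubnet = '192.0.2.0/24'     # assumed placeholder: replace with your real client network
$rpcKey       = 'HKLM:\SOFTWARE\Microsoft\Rpc'
$inetKey      = Join-Path $rpcKey 'Internet'

# Step 1: make connection-oriented TCP/IP the only DCOM protocol sequence.
New-ItemProperty -Path $rpcKey -Name 'DCOM Protocols' -PropertyType MultiString `
    -Value @('ncacn_ip_tcp') -Force | Out-Null

# Step 2: restrict dynamically assigned RPC/DCOM ports to the chosen range.
if (-not (Test-Path $inetKey)) { New-Item -Path $inetKey | Out-Null }
New-ItemProperty -Path $inetKey -Name 'Ports' -PropertyType MultiString `
    -Value @($portRange) -Force | Out-Null
New-ItemProperty -Path $inetKey -Name 'PortsInternetAvailable' -PropertyType String `
    -Value 'Y' -Force | Out-Null
New-ItemProperty -Path $inetKey -Name 'UseInternetPorts' -PropertyType String `
    -Value 'Y' -Force | Out-Null

# Step 3: allow TCP 135 plus the restricted range, and only from the known clients.
# This covers Windows Firewall on the server; the perimeter firewall needs the
# equivalent rule in its own syntax.
New-NetFirewallRule -DisplayName 'DCOM restricted range (example)' `
    -Direction Inbound -Protocol TCP -LocalPort @('135', $portRange) `
    -RemoteAddress $clientSubnet -Action Allow | Out-Null

# Read the settings back so the change can be reviewed before the restart.
[pscustomobject]@{
    Protocols = (Get-ItemProperty -Path $rpcKey).'DCOM Protocols' -join ','
    Ports     = (Get-ItemProperty -Path $inetKey).Ports -join ','
    Rule      = (Get-NetFirewallRule -DisplayName 'DCOM restricted range (example)').Enabled
}
```

Size the range to the number of server processes, one port each, so that no more ports are exposed than the rule of thumb above requires.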