This is about linked servers (using sp_addlinkedserver to add the "DMZSQL"
server to sysservers on "SECURESQL").

Is it possible with transaction support between two (but only one way)
ms-sql servers (ms-sql 8.0) on windows 2003 servers,
on different nettworks with firewall between - and only one way traffic on
specific ports allowed?
Only one ("SECURESQL") sql server will initiate traffic (to the "DMZSQL").

To make this work we found that tcp port 1433 must be opened out (ok so far).
But then port 135 must be opened in both directions,
and altso some ports for RPC (wich ports can be set) - for example 5000:5100
in both directions.

This is not excepted by our security demands.
Is there a way to make DTS work with ports opened only one way/out?
(With Start transaction, Commit or Rollback).

The transaction initiator, "SECURESQL" is inside the firewall.
Without transaction support (database operations without
transactions/rollback) it works with only port 1433 opened out.
But DTS seems to not work wothout ports opened both directions.
We need transaction handling (start, commit/rollback) - or thing will be a
lot more complicated.

Running this statement:

SET xact_abort ON
GO
USE pubs
GO
BEGIN DISTRIBUTED TRANSACTION
SELECT * FROM "DMZSQL".pubs.dbo.authors
COMMIT TRAN
GO

Gives this error if not all the desctibed ports is opened:

The operation could not be performed because the OLE DB provider 'SQLOLEDB'
was unable to begin a distributed transaction.
[OLE/DB provider returned message: New transaction cannot enlist in the
specified transaction coordinator. ]
OLE DB error trace [OLE/DB Provider 'SQLOLEDB'
ITransactionJoin::JoinTransaction returned 0x8004d00a].