I’ll have to get back to you on that. I’m not currently at my office and can’t access the settings. I will say that, at the outset, you’ll need SSH ports (22) open. The first sync happens over SSH. Subsequent syncs do not. Therefore I recommend setting the replica up with all ports open initially, then locking things down after the first sync. This is what we did, and it was much easier.

Also, I remember that our DMZ is fully accessible (for the most part) from our internal network, but not vice-versa. This is pretty essential. Also that the replica on the DMZ is completely blocked from any traffic from the Big Bad Internet by our DMZ firewall. You can probably close most ports on the replica as well if you want to (I recommend it as an extra layer of security).

Again, when I get back in the office in a few weeks I’ll try to remember to send you the firewall setup info. If you don’t hear from me by the first week in August, and if you still haven’t figured it out, post another comment to remind me.

Oh, this Apple KBase article may be of some help to you as well:
Well-Known TCP and UDP Ports

-systemsboy

I am trying to set up almost the same system at my work place.

mail to pgreer(at)mac(dot)com

-systemsboy