It is worth noting that by default MS DTC uses dynamic ports. I have seen firewall rules open the following ports for MSDTC: 135, 1024-65535, which might as well have been opening all ports!
The default dynamic port ranges are as follows: Windows Server 2003: 1024-65535; Windows Server 2008: 49152-65535
However, it is possible to restrict the ports that MS-DTC uses. When working in clusters, this is of course more complicated. Some say you just need to update all the nodes in the cluster; however, the article "How to configure the MS-DTC service to listen on a specific RPC server port" suggests otherwise. If you need to restrict the ports, then one option is to do this:
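One documented way to narrow the range is the machine-wide RPC port setting under `HKLM\SOFTWARE\Microsoft\Rpc\Internet`. The PowerShell below is an added example, not the steps the original post went on to give; the 5000-5100 range and the function names are constructed for illustration.

```powershell
# Added example (not from the original post). Run in an elevated session.
# The Rpc\Internet values are machine-wide: they restrict every RPC service
# that uses dynamic endpoints on this host, not only MS DTC.
$RpcKey = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'
$Range  = '5000-5100'   # constructed sample range, choose your own

function Test-PortRange {
    param([Parameter(Mandatory=$true)][string]$Range)
    if ($Range -match '^(\d{1,5})-(\d{1,5})$') {
        $start = [int]$Matches[1]; $end = [int]$Matches[2]
        # Stay above the well-known ports and inside the valid TCP range.
        return ($start -ge 1024 -and $end -le 65535 -and $start -le $end)
    }
    return $false
}

function Get-RpcPortRestriction {
    # Returns nothing when the host still uses the default dynamic range.
    if (-not (Test-Path $RpcKey)) { return $null }
    Get-ItemProperty -Path $RpcKey |
        Select-Object Ports, PortsInternetAvailable, UseInternetPorts
}

function Set-RpcPortRestriction {
    param([Parameter(Mandatory=$true)][string]$Range)
    if (-not (Test-PortRange $Range)) { throw "Invalid port range: $Range" }
    # Create the key only if it is missing, so existing values are not wiped.
    if (-not (Test-Path $RpcKey)) { New-Item -Path $RpcKey | Out-Null }
    # Ports is REG_MULTI_SZ; the two flags are REG_SZ set to 'Y'.
    New-ItemProperty -Path $RpcKey -Name Ports -PropertyType MultiString `
        -Value @($Range) -Force | Out-Null
    New-ItemProperty -Path $RpcKey -Name PortsInternetAvailable `
        -PropertyType String -Value 'Y' -Force | Out-Null
    New-ItemProperty -Path $RpcKey -Name UseInternetPorts `
        -PropertyType String -Value 'Y' -Force | Out-Null
}

'Before:'; Get-RpcPortRestriction
Set-RpcPortRestriction -Range $Range
'After:';  Get-RpcPortRestriction
"Firewall rule for MS DTC now needs TCP 135 and $Range only."
'Restart the server for the new range to take effect.'
```

Apply the same range on every host that takes part in the distributed transaction, then replace the broad 1024-65535 firewall rule with one limited to 135 and the chosen range.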
It is worth searching for other articles on this subject; however, I have found the following: