This was from Microsoft Zone's Tech Support guys who were extremely helpful in giving me this info. This is info about random DirectPlay porting and whatnot, for those of us
     running on MS Proxy 2.0 and running DX6, we require this certain fix that's actually quite simple to do, to solve the DirectPlay porting problems that may be causing the
     inability to play Baldur's Gate multi.

     However, I was unable to get the gamespy lite support to work but I was able to play over Heat.net with exceptional speed and efficiency.

     Here's the fix, good luck. It's not guaranteed that it works or not, so do not mail me, mail Microsoft!


     Subject: FIXING THE RANDOM DPLAY PORTS

     It does indeed work, but it's not just an install and go deal. Here is a
     list of what you need to do (copied from xxxxxxxxxxxxx here; it
     should be a KB article already or coming soon):

     ---start copy---
     Dx6 is out and a lot of people have noticed that one of the features
     is the ability to play Directplay games through a firewall. This is
     correct, you can play DirectPlay games through a firewall, I have played
     Forsaken and Age of Empires just fine through my home LAN. How does it
     work? Well here are the instructions for MSProxy 2.0 that is used with
     Windows NT. I do not have any other information on other firewalls at the
     moment, but if someone will try some of these ports out and email me the
     results I will update the plan with the information.

     Now, the skinny on Firewall support in DPlay 6 is that the application
     DOES NOT need to support Dx6. That's right, you can play Dx5 games
     through a firewall as long as you have Dx6 installed and your buddies do
     also. Dx5 used to use a random port to communicate, Dx6 does not.

     Keep in mind however that not all games may work with the default
     configuration I have posted below. For instance, I have not had any
     success getting X-Wing Vs Tie Fighter to work yet, but then again it may
     need additional ports or something and I have not had time to call up
     Lucasarts. Please also keep in mind that you can't go calling Microsoft
     Technical Support for Windows 98 when a game won't work. You have to
     contact the manufacturer of the game first since a lot of games can be
     DirectPlay compatible but will not work properly without more
     configuration.

     The trick is that the right ports must be opened on the firewall machine
     itself. You can't just install Dx6 and suddenly have it work. Your
     administrator has to set up the appropriate port ranges.

     Plus, DirectX 6.0 users can still communicate with DirectX 5.0 users as
     long as no firewall is involved.

     Now, to set up the proxy, remember that you may very well be limited to
     using a single machine on your LAN for gameplay. So that means that if
     you have a home or office LAN, no more than one machine can be playing
     DPlay games through the firewall. But of course, you can always try it
     out to be sure.

     Here are the instructions for setting up MSProxy 2.0 for use with
     DirectPlay 6:

     Setup for Client Firewall Support Using the DirectPlay Dynamic Range

     To join a game through a firewall, the client must be using DirectX 6.0
     and communicating with a DirectX 6.0 host. To support applications using
     the DirectPlay dynamic range, a firewall administrator needs to allow an
     initial outbound TCP connection on port 47624, with subsequent connections
     of inbound TCP ports 2300-2400, outbound TCP ports 2300-2400, inbound UDP
     ports 2300-2400, and outbound UDP ports 2300-2400. For a chart
     highlighting these requirements, see the Dynamic Range Port Reference
     Chart.

     Note: It is sufficient to open only a subset of these ports starting at
     2300, for example, 2300-2310. The first DirectPlay application on a
     particular computer will use port 2300, the next will use 2301, and so on.

     Example of a Microsoft Proxy Server 2.0 Configuration:

     Internet Service Manager, WinSock Proxy service: Service Properties
     Add protocol "DirectPlay (client)" under Protocols tab.

     Initial connection
     47624 TCP Outbound

     Subsequent connections
     2300-2400 TCP Inbound
     2300-2400 TCP Outbound
     2300-2400 UDP Inbound
     2300-2400 UDP Outbound

     Give appropriate permissions to "DirectPlay (client)" under Permissions
     tab.

     Add to file "mspclnt.ini", which is in the C:\Msp\Clients folder by
     default:

     [Common Configuration]
     RemoteBindUdpPorts=2300-2400
     ServerBindTcpPorts=2300-2400
     KillOldSession=1

     Setup for Host Firewall Support Using the DirectPlay Dynamic Range

     To host a game through a firewall, the host must be using DirectX 6.0, and
     the clients beyond the firewall must be using DirectX 6.0, as well. To
     support applications using the DirectPlay dynamic range, a firewall
     administrator needs to allow an initial inbound TCP connection on port
     47624, with subsequent connections of inbound TCP ports 2300-2400,
     outbound TCP ports 2300-2400, inbound UDP ports 2300-2400, and outbound
     UDP ports 2300-2400. For a chart highlighting these requirements, see the
     Dynamic Range Port Reference Chart.

     Note: It is sufficient to open only a subset of these ports starting at
     2300. For example 2300-2310. The first DirectPlay application on a
     particular computer will use port 2300, the next will use 2301, and so on.

     Theoretical Microsoft Proxy Server 2.0 configuration:

     Internet Service Manager, WinSock Proxy service: Service Properties
     Add protocol "DirectPlay (host)" under Protocols tab.

     Initial connection
     47624 TCP Inbound

     Subsequent connections
     2300-2400 TCP Inbound
     2300-2400 TCP Outbound
     2300-2400 UDP Inbound
     2300-2400 UDP Outbound

     Give appropriate permissions to "DirectPlay (host)" under Permissions tab.
     Add to file "mspclnt.ini", which is in the C:\Msp\Clients folder by
     default.

     [Common Configuration]
     RemoteBindUdpPorts=2300-2400
     ServerBindTcpPorts=2300-2400
     KillOldSession=1

     Unfortunately, some firewall solutions, including Microsoft Proxy Server
     2.0, won't recognize additional inbound connections as subsequent
     connections. The workaround for this is that each port in the range (2300,
     2301, 2302, and so on) must get its own protocol definition, as if it were
     an application-specified fixed port. For more information, see Setup for
     Host Firewall Support Using an Application-Specified Fixed Port.
     Practically, only as many ports as active DirectPlay applications need to
     be opened, that is, to run both the applications "SuperDuperGame" and
     "WackyFunGame" at the same time, only ports 2300 and 2301 will be used.

     Using an Application-Specified Fixed Port

     An application can choose to use a fixed port rather than the DirectPlay
     default ports. If this is done, only the one port needs to be opened to
     allow that application (and only that application) to operate through a
     firewall.

     To specify a fixed port, the application must create a DirectPlay Address
     that contains the data chunk for DPAID_InetPort (defined in dplobby.h).
     The application can append the chunk to the lpAddress returned by
     EnumConnections before passing it to InitializeConnection. Alternatively,
     the application can create the DirectPlay address completely (specifying
     the service provider, IP address and port number) and pass that to
     InitializeConnection.

     Setup for Client Firewall Support Using an Application-Specified Fixed
     Port

     To join a game through a firewall, the client must be using DirectX 6.0
     and communicating with a DirectX 6.0 host. To support applications using
     an application-specified fixed port n, a firewall administrator needs to
     allow an initial outbound TCP connection on port n, with subsequent
     connections of inbound TCP port n, inbound UDP port n, and outbound UDP
     port n.

     Example of a Microsoft Proxy Server 2.0 configuration, where the
     application "SuperDuperGame" (superdg.exe) specifies the port as 12345:

     Internet Service Manager, WinSock Proxy service: Service Properties
     Add protocol "SuperDuperGame (client)" under Protocols tab.

     Initial connection
     12345 TCP Outbound

     Subsequent connections
     12345 TCP Inbound
     12345 UDP Inbound
     12345 UDP Outbound

     Give appropriate permissions to "SuperDuperGame" under Permissions tab.
     Add to file "mspclnt.ini", which is in the C:\msp\Clients folder by
     default.

     [superdg]
     RemoteBindUdpPorts=12345
     ServerBindTcpPorts=12345
     KillOldSession=1

     Setup for Host Firewall Support Using an Application-Specified Fixed Port

     To host a game through a firewall, the host must be using DirectX 6.0, and
     the clients beyond the firewall must be DirectX 6.0, as well. To support
     applications using an application-specified fixed port n, a firewall
     administrator needs to allow an initial inbound TCP connection on port n,
     with subsequent connections of outbound TCP port n, inbound UDP port n,
     and outbound UDP port n.

     Example of a Microsoft Proxy Server 2.0 configuration, where the
     application "SuperDuperGame" (superdg.exe) specifies the port as 12345.

     Internet Service Manager, WinSock Proxy service: Service Properties
     Add protocol "SuperDuperGame (host)" under Protocols tab.

     Initial connection
     12345 TCP Inbound

     Subsequent connections
     12345 TCP Outbound
     12345 UDP Inbound
     12345 UDP Outbound

     Give appropriate permissions to "SuperDuperGame" under Permissions tab.
     Add to file "mspclnt.ini", which is in the C:\msp\Clients folder by
     default.

     [superdg]
     RemoteBindUdpPorts=12345
     ServerBindTcpPorts=12345
     KillOldSession=1
